FBA for external/ non domain only





thewardoz -> FBA for external/ non domain only (8.Oct.2009 6:12:42 AM)

Hi

I am looking for a way to set up a rule which works differently depending on the client circumstances. So:

If the client is on a specific vlan on their laptop (so not logged onto the domain) - then get the FBA page.

If the client is on a specific vlan on their work PC (so logged onto the domain) - then automatically use domain credentials.

If the client is on the external network - then get the FBA page.

The only way I can think of doing this is to have a split domain, which we have, but any clients that are internal that hit the external NIC are dropped.
Another way would be to have separate DNS for the non domain vlan, but I want to avoid having DNS split over three areas.

Any ideas would be greatly appreciated.

Regards




thewardoz -> RE: FBA for external/ non domain only (8.Oct.2009 11:32:33 AM)

Hi

I have added another DNS record for ext.sharepointserver which I have pointed to the ISA server and then extended the default site in SharePoint to use this new address. All seems to work very well.

Regards




pwindell -> RE: FBA for external/ non domain only (8.Oct.2009 12:10:15 PM)

Well the biggest problem here is that you never said where (physically) the site is in relation to the LAN users and the ISA.  I am forced to assume that the Site is physically on the same LAN, on the same side of the ISA that the LAN Users are on.
 
If the client is on a specific vlan on their laptop (so not logged onto the domain) - then get the FBA page.
 
If the client is on the external network - then get the FBA page.

For these you use the same Web Publishing Rule.  The Rule Source is to be External and also an Address Set containing the IP Subnet of the VLAN.  The Authentication of the Rule is obviously going to be FBA.

If the client is on a specific vlan on their work PC (so logged onto the domain) - then automatically use domain credentials.

Normal LAN users (Domain member machines with Domain user accounts) are not supposed to go through the ISA to get to the Site to begin with.  They should go to the site directly.  So for them,...the URL should resolve to the specific IP# of the Web Site itself.  This is accomplished with Split-DNS.

Everyone should use the same URL,...but it has to resolve differently depending on where the users are coming from.






