Presentation is loading. Please wait.

Presentation is loading. Please wait.

Designing a Secure Extranet with Sharepoint Russ Basiura Principal Consultant RJB Technical Consulting

Published byMarvin Allan Edwards Modified over 8 years ago

Similar presentations

Presentation on theme: "Designing a Secure Extranet with Sharepoint Russ Basiura Principal Consultant RJB Technical Consulting"— Presentation transcript:

1 Designing a Secure Extranet with Sharepoint Russ Basiura Principal Consultant RJB Technical Consulting www.rjbtech.com russ@rjbtech.com www.rjbtech.com Extranets

2 Agenda Deployment Scenario Configuration Challenges Security and Authentication

3 Scenario

4 Active Directory in the DMZ –No Trusts Single Server or small farm –All servers in the DMZ All Services in the DMZ –Mail –IM Basic Authentication over HTTPS Digest Authentication (Not Supported)

5 Scenario All Users must logon Management via Remote Desktop All content stored in portal Ports –TCP 3389 open to intranet for RDP –TCP 80 open to intranet for HTTP –TCP 443 open to extranet for HTTPS

6 User Challenges Authentication –Users don’t like being asked for identity –Use Portal SSO to access other resources URLS –Store content on the portal –Put content links on the portal

7 Technical Challenges Authentication SSL

8 Authentication Basic over https Integrated –NTLM –Kerberos Digest –Single web server or web farm with affinity –Not Supported Custom –ISAPI Filter with persistent cookie –Not Supported

9 Custom Authentication Must create a valid Windows Principal Must attach context to thread before entering.Net pipeline –Ows.dll is an ISAPI extension –ISAPI extensions cannot be chained Build an ISAPI filter –Create and manage Windows Principal –Embed basic authentication headers in request

10 Discussion

Download ppt "Designing a Secure Extranet with Sharepoint Russ Basiura Principal Consultant RJB Technical Consulting"

Similar presentations

Active Directory Federation Services How does it really work?

Active Directory Federation Services How does it really work?
Dan Usher Joel Ward. Who we are… What we’ve seen… Security Concerns in today’s world Why SmartCards? Authentication & Authorization of SharePoint IIS.

Dan Usher Joel Ward. Who we are… What we’ve seen… Security Concerns in today’s world Why SmartCards? Authentication & Authorization of SharePoint IIS.
SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
ASP.NET Web Application Security Hannes Preishuber ppedv AG

ASP.NET Web Application Security Hannes Preishuber ppedv AG
Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.

Microsoft ASP.NET Security Venkat Chilakala Support Professional Microsoft Corporation.
1 SharePoint Momentum 17K+ Customers, 100M Licenses Leader in Gartner ® Magic Quadrants, Forrester Wave TM Continued Platform and Application Innovation.

1 SharePoint Momentum 17K+ Customers, 100M Licenses Leader in Gartner ® Magic Quadrants, Forrester Wave TM Continued Platform and Application Innovation.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
IIS Configuration © N. Ganesan, Ph.D.. Renaming the Default Web.

IIS Configuration © N. Ganesan, Ph.D.. Renaming the Default Web.
Internet Information Server (IIS)

Internet Information Server (IIS)
Remote Access SSL VPN Stewart Duncan Technical Manager.

Remote Access SSL VPN Stewart Duncan Technical Manager.
Philadelphia Area SharePoint User Group www.PhillySharePoint.org Welcome to the Philadelphia Area SharePoint User Group Russ Basiura SharePoint Consultant.

Philadelphia Area SharePoint User Group Welcome to the Philadelphia Area SharePoint User Group Russ Basiura SharePoint Consultant.
Fraser Technical Solutions, LLC

Fraser Technical Solutions, LLC
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |

Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
Welcome to Philly Code Camp Russ Basiura SharePoint Consultant RJB Technical Consulting

Welcome to Philly Code Camp Russ Basiura SharePoint Consultant RJB Technical Consulting
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd
Copyright 2007, Information Builders. Slide 1 WebFOCUS Authentication Mark Nesson, Vashti Ragoonath Information Builders Summit 2008 User Conference June.

Copyright 2007, Information Builders. Slide 1 WebFOCUS Authentication Mark Nesson, Vashti Ragoonath Information Builders Summit 2008 User Conference June.
Barracuda Load Balancer Server Availability and Scalability.

Barracuda Load Balancer Server Availability and Scalability.

Similar presentations

Ads by Google