Steve F. (Guest)
Posted: Fri Jan 14, 2005 1:11 am
Post subject: Authenticating across the Internet behind a firewall

I have users who are behind customer firewalls that say port 80 and 443 are
open but my users do not get the Windows pop-up authentication box and
therefore get a 401 error message that they do not have access to the site. How
can they get around this?

Shane (Guest)
Posted: Fri Jan 14, 2005 1:51 am
Post subject: Re: Authenticating across the Internet behind a firewall

What form of authentication are you using?
Shane
"Steve F." <SteveF@discussions.microsoft.com> wrote in message
news:39AED213-2DFC-472D-B07B-A0F327B91B2C@microsoft.com...
Quote:
I have users who are behind customer firewalls that say port 80 and 443 are
open but my users do not get the Windows pop-up authentication box and
therefore get a 401 error message that they do not have access to the site. How
can they get around this?

Steve F. (Guest)
Posted: Fri Jan 14, 2005 11:09 pm
Post subject: RE: Authenticating across the Internet behind a firewall

I'm not sure, where do I go to find this out?
"Steve F." wrote:
Quote:
I have users who are behind customer firewalls that say port 80 and 443 are
open but my users do not get the Windows pop-up authentication box and
therefore get a 401 error message that they do not have access to the site. How
can they get around this?

Steve F. (Guest)
Posted: Sat Jan 15, 2005 4:05 am
Post subject: RE: Authenticating across the Internet behind a firewall

Sorry...I think I found out. It is NTLM authentication.
"Steve F." wrote:
Quote:
I'm not sure, where do I go to find this out?
"Steve F." wrote:
I have users who are behind customer firewalls that say port 80 and 443 are
open but my users do not get the Windows pop-up authentication box and
therefore get a 401 error message that they do not have access to the site. How
can they get around this?

Hollis D. Paul (Guest)
Posted: Sun Jan 16, 2005 10:16 pm
Post subject: Re: Authenticating across the Internet behind a firewall

In article <#xYJcVA$EHA.3472@TK2MSFTNGP14.phx.gbl>, Shane wrote:
Quote:
NTLM authentication doesn't work behind a firewall. You need to switch to
basic authentication and then they will get the login box. The only problem
is this will transmit their username and password in clear text. So you
need to use SSL only with basic authentication to be secure.
Shane

SteveF, to do this properly, you need to create another virtual web server, and
create a new portal, basing it on your existing portal, and set this new portal
to use SSL. There is an option in the portal creation sequence that lets you
choose to base the portal on an existing portal, and an article in the SPS
Admin help facility that goes into this in excruciating detail. You need to
look all that stuff up before you start.
Hollis D. Paul [MVP - Outlook]
Hollis@outhousebythesound.com
Mukilteo, WA USA

Shane (Guest)
Posted: Mon Jan 17, 2005 12:28 am
Post subject: Re: Authenticating across the Internet behind a firewall

NTLM authentication doesn't work behind a firewall. You need to switch to
basic authentication and then they will get the login box. The only problem
is this will transmit their username and password in clear text. So you
need to use SSL only with basic authentication to be secure.
Shane
"Steve F." <SteveF@discussions.microsoft.com> wrote in message
news:B8010E55-4EF1-4C50-B868-A06EDAC0F120@microsoft.com...
Quote:
Sorry...I think I found out. It is NTLM authentication.
"Steve F." wrote:
I'm not sure, where do I go to find this out?
"Steve F." wrote:
I have users who are behind customer firewalls that say port 80 and 443 are
open but my users do not get the Windows pop-up authentication box and
therefore get a 401 error message that they do not have access to the site. How
can they get around this?

Hollis D. Paul (Guest)
Posted: Mon Jan 17, 2005 5:54 pm
Post subject: Re: Authenticating across the Internet behind a firewall

In article <VA.00001e3b.014b2d40@obts-outlookdev.outlookbythesound.mukwoods>,
Hollis D. Paul wrote:
Quote:
SteveF, to do this properly, you need to create another virtual web server, and
create a new portal, basing it on your existing portal, and set this new portal
to use SSL.

This is really done when you extend the new portal:
Search the SPPSAdminGuide.chm on Extranet and then select "About Extending a
Virtual Server"
Reasons for extending a virtual server
Generally, you extend a virtual server because you need to add more capacity to
your server, whether that server is a departmental server or one of many in your
server farm. More capacity can mean either more space for Web site content or more
connections to existing Web sites. For example, if you have a site with many
visitors, you can have several virtual servers hosting the same content to
increase the number of concurrent users that you can support and balance the load
for your servers. You can extend a virtual server to do one of the following:
...
Connect to existing content
To have your new virtual server point to a Web site that is already in use, either
to allow for more connections to a site or to allow more than one URL to point to
a site, you can connect to an existing content database. When you extend a virtual
server, you can choose which content database to use. The content databases are
actually listed as virtual servers, and the list contains all virtual servers that
currently exist on the server (in a single-server setting), or in the server farm.
Querying the configuration database generates this list, which is why you must be
connected to the configuration database before you can extend a virtual server.
When you extend and connect to an existing content database, all of the
configuration data about the existing virtual server is applied to the new virtual
server. Any managed paths are also applied. This means that if virtual server A
contains the paths /teams, /sites, and /users, when you extend virtual server B
and connect to the content database for virtual server A, virtual server B will
also have the /teams, /sites, and /users paths. You can direct a user to either
virtual server A or B, and the user will see the same content — A and B are
essentially mirrored virtual servers. For more information about URLs in Windows
SharePoint Services, see the Windows SharePoint Services Resource Kit.
There are more detailed articles in the same extranet list.
Hollis D. Paul [MVP - Outlook]
Hollis@outhousebythesound.com
Mukilteo, WA USA

Steve F. (Guest)
Posted: Mon Jan 17, 2005 6:15 pm
Post subject: Re: Authenticating across the Internet behind a firewall

Are you telling me that to implement SSL for SharePoint it is not as simple
as acquiring and applying the certificate to the IIS component like I did
with MS Exchange? Wow that stinks!!
"Hollis D. Paul" wrote:
Quote:
In article <#xYJcVA$EHA.3472@TK2MSFTNGP14.phx.gbl>, Shane wrote:
NTLM authentication doesn't work behind a firewall. You need to switch to
basic authentication and then they will get the login box. The only problem
is this will transmit their username and password in clear text. So you
need to use SSL only with basic authentication to be secure.
Shane
SteveF, to do this properly, you need to create another virtual web server, and
create a new portal, basing it on your existing portal, and set this new portal
to use SSL. There is an option in the portal creation sequence that lets you
choose to base the portal on an existing portal, and an article in the SPS
Admin help facility that goes into this in excruciating detail. You need to
look all that stuff up before you start.
Hollis D. Paul [MVP - Outlook]
Hollis@outhousebythesound.com
Mukilteo, WA USA

Shane (Guest)
Posted: Tue Jan 18, 2005 2:15 am
Post subject: Re: Authenticating across the Internet behind a firewall

The way I have done it.
* Create a new site called external.yourdomain.com from within IIS. Set this
site to use basic authentication over SSL only. Install your cert.
* Extend the virtual server and map it to your existing portal db.
* Now from SharePoint Portal admin go to "Configure Alternate Portal Access
Settings" and set the extranet URL to https://external.yourdomain.com. If
you don't do this you have issues with searching.
* Publish the site through the firewall only allowing 443 access.
You may have more smaller issues to work through but this should give you a
good starting direction.
Also, you need to think about security. Using a DMZ and firewall, etc....
different discussion altogether but don't let SharePoint be how they take
over your network. :)
Shane
"Steve F." <SteveF@discussions.microsoft.com> wrote in message
news:E85F61EE-4421-465D-8961-0F3EC2850326@microsoft.com...
Quote:
Are you telling me that to implement SSL for SharePoint it is not as simple
as acquiring and applying the certificate to the IIS component like I did
with MS Exchange? Wow that stinks!!
"Hollis D. Paul" wrote:
In article <#xYJcVA$EHA.3472@TK2MSFTNGP14.phx.gbl>, Shane wrote:
NTLM authentication doesn't work behind a firewall. You need to switch to
basic authentication and then they will get the login box. The only problem
is this will transmit their username and password in clear text. So you
need to use SSL only with basic authentication to be secure.
Shane
SteveF, to do this properly, you need to create another virtual web server, and
create a new portal, basing it on your existing portal, and set this new portal
to use SSL. There is an option in the portal creation sequence that lets you
choose to base the portal on an existing portal, and an article in the SPS
Admin help facility that goes into this in excruciating detail. You need to
look all that stuff up before you start.
Hollis D. Paul [MVP - Outlook]
Hollis@outhousebythesound.com
Mukilteo, WA USA
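
An added example, not part of the original thread: a small Python check of what the external site offers, covering the two points made in the replies above (Basic sends the password recoverably unless SSL is used, and the external site should offer Basic over SSL with only 443 published). The response tuples, realm, finding codes and credential are constructed for illustration; external.yourdomain.com is the placeholder host from the post above.

```python
import base64

def parse_schemes(www_authenticate):
    """Auth schemes named in a response's WWW-Authenticate header values."""
    # IIS sends one header per scheme, e.g. 'NTLM' or 'Basic realm="portal"'.
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}

def decode_basic(authorization):
    """What anyone on the path can read from a Basic Authorization header."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password

def audit(url, status, www_authenticate):
    """Compare one captured response with the setup described in the thread.

    status is None when the connection was refused or filtered.
    """
    findings = []
    tls = url.lower().startswith("https://")
    schemes = parse_schemes(www_authenticate)
    if not tls and status is not None:
        findings.append("http-reachable")      # thread: publish 443 only
    if not tls and "basic" in schemes:
        findings.append("basic-without-ssl")   # password is only base64-encoded
    if status == 401 and schemes != {"basic"}:
        findings.append("not-basic-only")      # thread: NTLM gave 401, no prompt
    return findings

# Constructed sample data (not captured from a real site).
SAMPLE_AUTHORIZATION = "Basic " + base64.b64encode(b"steve:Passw0rd!").decode()
SAMPLES = [
    ("http://external.yourdomain.com/", 401, ['Basic realm="portal"']),
    ("https://external.yourdomain.com/", 401, ["Negotiate", "NTLM"]),
    ("https://external.yourdomain.com/", 401, ['Basic realm="portal"']),
    ("http://external.yourdomain.com/", None, []),
]

if __name__ == "__main__":
    print(decode_basic(SAMPLE_AUTHORIZATION))
    for url, status, headers in SAMPLES:
        print(url, status, audit(url, status, headers) or "ok")
```

An empty findings list means the response matches the described setup: a Basic challenge, seen only over HTTPS.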