Re: PLEASE HELP! Authentication problem


From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/16/05


Date: Wed, 16 Mar 2005 21:29:46 +1000

Have you considered ISA Server Web Publishing?

firewall --- ISA Server ---- firewall ---- IIS ---- Active Directory
    |------------DMZ---------------|

ISA Server acts as a reverse proxy to the IIS box, so you only need to open
port 443 on your internal firewall. ISA Server can be configured to only
accept valid types of requests, and reject everything else (so attempts to
exploit vulnerabilities in IIS will be rejected by ISA Server, without being
sent to IIS).

Otherwise, you probably need to look at separate forests and one-way trusts,
or a sub-domain in the DMZ where the trust does not flow back up the tree
(is that possible to configure?)

Cheers
Ken

"adbos" <allemagnus@wp.pl> wrote in message
news:d18vmr$mhq$1@inews.gazeta.pl...
: Hi, we have a Windows 2000 Active Directory implemented. My company is
: planning to create an intranet application and give a possibility to our
: clients (and they have accounts in our AD) to log on from internet and use
: that application. So, that app. will be placed in DMZ and IIS (placed in DMZ
: too) will have to have an ability to LDAP query AD if that particular user is
: authorized to use that app. and if password is ok. We are testing secure
: LDAP query and it works fine. There is only one problem for us. If someone
: breaks in on that server in DMZ, he will have an access to our AD and that is
: what we do not want!
:
: I'm looking for some secure solution:)
:
: I know about ONT's UIdP solution, but my company doesn't like it:(
:
: PLEASE HELP
:
:
:


