IIS6 Authentication


Recommended Posts

I have a website that i need to be availabe both internally and externally. I want to use Windows Active directory security

If someone goes to that page internally I do NOT want them to have to authenticate.

If someone tries to get to the same site externally I DO want them to recieve a username and password challenge.

Currently they are not challenged internally or externally.

Link to comment
https://www.neowin.net/forum/topic/398956-iis6-authentication/
Share on other sites

This is just a random poke in the dark but why cant you create a new website.....but use the same source directory...."C:\Inetpub\wwwroot\" (default or whatever yours is) but assign a different port on those.

From outside your network, port forward port 80 and get it to "publish" that port to port 81 say on the webserver, where the other (Internal) website is on port 80....

So when somebody externally connects to your IP address, it connects on port 80, and then the router/firewall will forward the connection to the webserver but on port 81 (External Website Port) which is the port 81.

So if somebody internally connects to the webserver, it connects on port 80 which is the Internal Website Port

From here you could apply AD Authentication on the External Website in IIS and none on the Internal Website.

I Have no idea if this will work, so test it on another machine first!

ChocIST

This is plain simple if the clients which connect to the site from internal are logged on to the domain.

Just set "Windows Authentication" on the IIS Website.

Then you MUST add the site to the "Local Intranet" Securityzone in your clients Internetexplorer. (you can easily do this with group policy)

Result:

If the client comes from an external source, the windows logon popup will appear.

If the client comes from an internal source, and is already logged on the domain, Internet Explorer will automatically use the stored credentials and forward them to IIS so it will automatically log the user on to the site. (if he has the proper rights)

Maybe also use SSL to make it more secure from the outside?

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.