In article <B056E806-81F5-49AF-A240-487BE9ABF2D6@microsoft.com>,
PaulWhitmont@discussions.microsoft.com says...
[quoted text, click to view] > Hi all,
>
> Question. We are building a new intranet for the company. Management wants
> people to be required to login when they hit the website from either internal
> or at home (intranet.company.com etc..)
>
> For security reasons, the IIS box is a standalone system in the DMZ with no
> reference to our internal network.
>
> What do you all suggest we do to accomindate this request? What is
> considered "best practice"?
>
> We can either 1. use AD or 2. use a locally stored database of users which
> is a pain to manage, but we could..
There is not much reason to have the server in the DMZ if you are going
to allow access to the domain for authentication.
You should export the user list from the AD structure and import it into
a small table - give users a unique base password (unique to each user)
and have your web app, from an administrative interface, email the user
their user name and password using the information in the table with a
link to the logon site. When they logon give them a menu with a menu
option that lets them change their password and email address.....
Sure, it means they will eventually have two passwords, but their user
names are going to be the same, and they can manage it on their own.
You don't actually have to use a database, you could store the info in
an XML file since it would not have many columns.
[quoted text, click to view] > Hope this explains our situation, thanks in advance for any advise, or
> suggestions.
Yea, it's a PITA, but you don't want a public web server connecting to
the LAN.
--
--
spamfree999@rrohio.com
