2007-05-03

Setting up EPiServer in a trusted domain scenario

The following scenario had to be solved:

Scenario:
  • Users from domain A and a subset of users (S) from domain B shall be able to access a common EPiServer-based intranet solution.
  • Other users (O) in domain B are not to be granted access.
  • Users already logged on to either of the domains should not need to enter their credentials again when accessing the intranet.
  • The intranet should also be accessible from the internet, but then going through an ISA server to enhance security.
Solution:
  • Place EPiServer in a new resource domain C where both domain A and B are trusted.
  • The ISA server only allows users (S) from domain B to access the intranet.
  • Users (O) are not given access to the intranet.
  • Two web applications (IIS 6.0 on a Windows 2003 server) are set up (needing two EPiServer licenses): one with forms authentication (for users coming from the internet), and one with Windows Authentication for users already logged on to either of the domains.
  • Both applications access the same SQL Server 2005 database. Anonymous access is turned off.
Checklist for setting up the solution(s):
  • Ensure that both DomainA\Domain Users and DomainB\Domain Users have access to read the aspx files. If they don't, they will not be able to access the site.
  • Ensure that the editor and the administrator groups in BOTH domains are added to the web.config file to give them access to the /edit and /admin interfaces.
  • Ensure that Windows Authentication really is set.
  • Ensure that the resource domain (IP or domain address) is added to the intranet zone in Internet Explorer.
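
A sketch of the web.config access rules from the checklist for the Windows Authentication application, added here as an example and not taken from the original setup. The group names (WebEditors, WebAdmins) are hypothetical placeholders, and edit and admin are assumed to be folders directly under the site root.

```xml
<configuration>
  <system.web>
    <!-- Integrated Windows authentication: users already logged on
         to domain A or domain B are not prompted again. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- "?" means anonymous users: reject unauthenticated requests. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Edit interface: groups from BOTH domains must be listed.
       Group names are placeholders; letting administrators into
       /edit as well is an assumption of this example. -->
  <location path="edit">
    <system.web>
      <authorization>
        <allow roles="DomainA\WebEditors, DomainB\WebEditors, DomainA\WebAdmins, DomainB\WebAdmins" />
        <!-- Rules are evaluated top down; everyone not matched above is denied. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Admin interface: administrator groups from both domains only. -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="DomainA\WebAdmins, DomainB\WebAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Leaving out the closing deny rule in a location block makes that path fall back to the site-wide rule, which would admit every authenticated user from either domain.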
