
IIS4 Intra/Intranet Authentication Probs

By JennL
We went the route of assigning specific IP addresses to each site on the IIS 4 server (right now there are 3 sites with multiple virtual directories & sites under them) to try and get authentication to work. Still having a problem linking between the sites:

mycompany.net hyperlinks to:
1. mycompany.net/remote
2. ourintranet

I get the password prompt and can access all the remote files I should be able to (even tested different authorities). However, when I try the link to "ourintranet" I get a page not found error. I've even changed the hyperlink to "ourintranet.mycompany.com/default.htm" (browsing to the page to make sure it wasn't a simple typo fix).

The intranet is running on the same server as the net but using a different IP address. Ourintranet access is denied except for 2 internal subnets and the mycompany.net domain with anonymous access allowed. We have an internal firewall which is pointing to the IP address for mycompany.net. My understanding is the firewall passes its domain information with the request - so it "should" work (I'm beginning to hate that word more than "if"). Everyone within the subnets can access the intranet internally. I also tried adding the firewall IP address to the "access is denied except" list.

The intranet was designed in FrontPage 2000 and I even added the IIS user groups with browse access for the site through it (when I look at the intranet folder permissions I can now see the 2 groups with read access).

Other details: IIS 4 w/ SP6a. Tested on Internet Explorer 4.01 SP2, 5.0 & 5.5 (40 & 128 bit encryption). We do not want to go to clear text passwords. When I took off CHAP authentication on the Intranet I was able to get to it for editing via FrontPage.

Any suggestions?


by dheupel In reply to IIS4 Intra/Intranet Authe ...

OK, you need to set the permissions on the Intranet to "Allow anonymous access" and then your users should be able to gain access to the Intranet. However, the measure of security on your Intranet can be compromised, as the Intranet's home page address can be bookmarked, and then users can bypass the logon page on the Internet web.

Your security methodology is interesting in so much as that you are requiring internal company users to log into an Internet page to gain access to an Intranet. It seems as though you would want global access to your Internet pages, yet restrict access to your Intranet only to company users. Have you considered putting the Internet and Intranet webs on different servers? That way you could open up the Internet web for public access, and then establish security on the Intranet web. (Just a thought.)


by JennL In reply to IIS4 Intra/Intranet Authe ...

We are requiring the internet log in so our remote sales force can use their own ISP to get access to the intranet (virtual offices, no VPN or dialup into our building). We do have a formal internet web site for customers that, thankfully, IS is not maintaining.


by mpdcsup In reply to IIS4 Intra/Intranet Authe ...

Okay, here goes. If I understand correctly what you have attempted, I'm sorry to inform you that you have been seriously misled because there is a gap in the logic. Please bear with me.

You have 3 sites (each with a unique IP address). At this point, whether the firewall passes the domain or not is irrelevant. Here's why:

Having IIS resolve Host Header Names (the domain passed through by the firewall) is only beneficial for loading a single IP Address and Port combination with more than one site.

www.site1.mycorp.com -> 10.17.241.23:80 -> IIS sees www.site1.mycorp.com on 10.17.241.23:80 and passes the request to the site handling www.site1.mycorp.com.

www.site2.mycorp.com -> 10.17.241.23:80 -> IIS sees www.site2.mycorp.com on 10.17.241.23:80 and passes the request to the site handling www.site2.mycorp.com.

The Host Header is used to distinguish which site (sharing the same IP Address and Port) was requested. Not your case.

Also, it matters in the least if there is 1, 2 or 3 NICs. Here's why:

You have incoming traffic on three IP Addresses. IIS is bound to IP Addresses and Ports, not to NICs. Even if you were doing routing you'd only need one NIC. The only cases for multiple NICs are: capacity (bandwidth) and security (isolated subnetworks). And this is also not your case because you were fine with just one NIC to start with.

What you want is to provide anonymous access to all 3 sites from within the private network and anonymous access to your Internet site and secure access to the other two from the Internet.

You have already figured out how to secure mycompany.net/remote. Solving your problem stems from here.

Create a mycompany.net/private site that points to the same home directory as ourintranet.

If you (or any user) would like an explanation of the logic, please contact me via my TechRepublic profile.
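The binding logic described in the reply above, as an added Python sketch that is not part of the original post and not IIS's own code: a simplified model of site selection by IP address, port and host header, followed by the access decision for the /private layout the reply proposes. The 10.17.241.21 and .22 addresses, the two subnets, the protected-directory set and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed bindings: (ip, port, host_header) -> site. "" = blank host header.
UNIQUE_IP_BINDINGS = {
    ("10.17.241.21", 80, ""): "mycompany.net",
    ("10.17.241.22", 80, ""): "ourintranet",
}
SHARED_IP_BINDINGS = {
    ("10.17.241.23", 80, "www.site1.mycorp.com"): "site1",
    ("10.17.241.23", 80, "www.site2.mycorp.com"): "site2",
}

def select_site(bindings, dst_ip, dst_port, host_header):
    """Exact host-header match first, then a blank-header binding on that IP:port."""
    host = host_header.split(":")[0].lower()
    for key in ((dst_ip, dst_port, host), (dst_ip, dst_port, "")):
        if key in bindings:
            return bindings[key]
    return None  # no site listens on this combination

# Constructed policy: two internal subnets may browse the intranet anonymously.
ALLOWED_NETS = [ip_network("192.168.10.0/24"), ip_network("192.168.20.0/24")]
# Virtual directories on mycompany.net that require a logon; /private maps
# to the same home directory as ourintranet.
PROTECTED_DIRS = {"remote", "private"}

def decide(site, path, client_ip, authenticated):
    """Return 'serve', 'challenge' (ask for credentials) or 'deny'."""
    if site == "ourintranet":
        inside = any(ip_address(client_ip) in net for net in ALLOWED_NETS)
        return "serve" if inside else "deny"
    first_segment = path.strip("/").split("/")[0].lower()
    if site == "mycompany.net" and first_segment in PROTECTED_DIRS:
        return "serve" if authenticated else "challenge"
    return "serve"  # public pages of mycompany.net

if __name__ == "__main__":
    # Traffic the firewall sends to the mycompany.net address lands on that
    # site whatever Host header it carries.
    print(select_site(UNIQUE_IP_BINDINGS, "10.17.241.21", 80, "ourintranet"))
    print(decide("mycompany.net", "/private/default.htm", "203.0.113.7", False))
```

With one IP address per site the Host header never enters the decision, so a remote user reaches the intranet content only through the authenticated virtual directory on the address the firewall forwards to.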


by JennL In reply to IIS4 Intra/Intranet Authe ...

Talk about thinking out of the box! I have several virtual webs running off our intranet - never thought to make the intranet a virtual web off of the internet to the intranet.
I tested this and it works successfully except for one remote virtual web that's going from the IIS 4 box to a directory on a Novell 4.11 server. A minor detail to iron out.
Thanks for getting me in the right direction!


by JennL In reply to IIS4 Intra/Intranet Authe ...

This question was closed by the author
