Allowing IIS web application server in DMZ to authenticate AD users. Not on AD domain

  • Allowing IIS web application server in DMZ to authenticate AD users. Not on AD domain

    Hi All

    We have a new requirement and I have been asked to find a solution to something we want to implement, and wanted to know if AD LDS would be the right way to do this.

    We have a web server in our DMZ and a new IIS-based application is being built which our customers will use to authenticate with to log in to the system. The IIS server will be configured to support federation using Google, Facebook etc. However, our internal users who are joined to our Active Directory domain will also need access.

    As the server is in the DMZ and isn't connected to our domain, we need some way for the IIS application to support AD authentication as well for these users to log in, otherwise we will need to create separate logins, which will be an administrative nightmare.

    The web server is Windows Server 2008 R2 and our AD is 2008 R2 with forest and domain functional levels set to Windows 2008 R2.

    We also use ADFS 2012 R2 to allow internal applications (connected to the domain) through ADFS and web application proxy for external based access.

    My question is what options are available to us to address this new requirement? Any advice on this would be most appreciated.

    Thanks

  • #2
    Have you seen this response to a similar Q on Microsoft's forum? It may contain some helpful information.
    https://social.technet.microsoft.com...um=winserverDS
    A recent poll suggests that 6 out of 7 dwarfs are not happy
