Philadelphia Area SharePoint User Group Building Customer/Partner Extranets Designing a Secure Extranet with Sharepoint 2007 Russ Basiura RJB Technical.

Presentation transcript:

Philadelphia Area SharePoint User Group Building Customer/Partner Extranets Designing a Secure Extranet with Sharepoint 2007 Russ Basiura RJB Technical Consulting

Agenda
1. Intro SharePoint Extranets and FBA
2. Scenarios
3. Scenarios
4. Challenges
5. Demonstration

WHAT IS AN EXTRANET??

EXTRANETS POSE UNIQUE CHALLENGES FOR SHAREPOINT ADMINISTRATORS
- How can I provide SharePoint sites for our employees to use to collaborate with our customers, suppliers, partners and maintain proper security?
- How can I keep user accounts & passwords for non-employees in a separate database?
- How can I delegate management of extranet users to trusted individuals and still maintain proper security control?
- How can extranet users perform their own password changes?
- How can I define and gather custom user profile data from my extranet site's users?
- How can I automate user site requests and site creation?

What is the purpose of FBA?
- Forms authentication uses an authentication ticket created when a user logs on to a site
- Validated against a user store, such as a SQL Server database
- User is redirected to a configured logon page
- Once authenticated, the user is redirected to the originally requested page
- Ticket is usually contained inside a cookie
- Cookie tracks the user throughout the site
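An added example, not taken from the original slides: an ASP.NET 2.0 web.config fragment showing where the logon page, the ticket cookie and the SQL Server user store described above are configured, with the cookie and password settings a reviewer would check. The provider name `ExtranetMembers`, the connection string name `ExtranetDb`, the server and database names, and the logon page path are assumptions.

```xml
<!-- Added example. Values marked "assumed" are placeholders, not from the slides. -->
<configuration>
  <connectionStrings>
    <!-- assumed server and database holding the extranet user store -->
    <add name="ExtranetDb"
         connectionString="Server=SQL01;Database=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl: the configured logon page unauthenticated users are sent to (assumed path).
           requireSSL: the ticket cookie is only ever sent over HTTPS.
           protection="All": the ticket is encrypted and integrity-checked.
           timeout is in minutes; slidingExpiration="false" makes it a hard limit. -->
      <forms loginUrl="/_layouts/login.aspx"
             name=".ASPXAUTH"
             protection="All"
             requireSSL="true"
             timeout="30"
             slidingExpiration="false"
             cookieless="UseCookies" />
    </authentication>
    <membership defaultProvider="ExtranetMembers">
      <providers>
        <!-- The user store the logon page validates credentials against.
             Hashed passwords cannot be retrieved, only reset. -->
        <add name="ExtranetMembers"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ExtranetDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

In a web farm, every front-end server needs the same `machineKey` so that a ticket issued by one server validates on the others.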

For what scenarios is FBA useful?
- Storing users in Active Directory is not desirable
- Storing users in Active Directory is not feasible
- Need customized or proprietary logon page
- Application integration FBA

What are the issues and limitations with the out-of-the-box features?
- User self-service features including ‘reset my password’ and profile management
- Granular governance of site creation process
- Invitations with definable meta fields
- User self-registration
- Management interface to user store
- Profile field mismatches

Simple Extranet Scenario

Scenario
- Active Directory in the DMZ
  – No Trusts
- Single Server or small farm
  – All servers in the DMZ
- All Services in the DMZ
  – Mail
  – IM
- Basic Authentication over HTTPS
- Digest Authentication (Not Supported)

Scenario
- All users must log on
- Management via Remote Desktop
- All content stored in portal
- Ports
  – TCP 3389 open to intranet for RDP
  – TCP 80 open to intranet for HTTP
  – TCP 443 open to extranet for HTTPS

MEDIUM EXTRANET SCENARIO

HIGH COMPLEXITY SCENARIO

User Challenges
- Authentication
  – Users don’t like being asked for identity
  – Use SSO to access other resources
- URLs
  – Store content on the portal
  – Put content links on the portal

Technical Challenges
- Authentication
- SSL
- Account Creation and Maintenance
- Site Creation Process

Common Challenges
- Where should I locate my servers?
- How is my firewall affected?
- What other solutions should be considered?
- Authentication
- Security
- High Availability
- How does this affect my SharePoint architecture?
- Do I really need another SharePoint Farm?

Authentication
- Basic over HTTPS
- Integrated
  – NTLM
  – Kerberos
- Digest
  – Single web server or web farm with affinity
  – Not Supported
- Custom
  – ISAPI Filter with persistent cookie
  – Not Supported

Custom Authentication
- Must create a valid Windows Principal
- Must attach context to thread before entering .NET pipeline
  – Ows.dll is an ISAPI extension
  – ISAPI extensions cannot be chained
- Build an ISAPI filter
  – Create and manage Windows Principal
  – Embed basic authentication headers in request

- Service Level Agreements
- End User training
- Information lifecycle controls
- Communicating with external users
- Acceptable Use Policies
- Extranet Governance

Questions and Discussion