Published by Helena George. Modified over 9 years ago.
1
Philadelphia Area SharePoint User Group
Building Customer/Partner Extranets
Designing a Secure Extranet with SharePoint 2007
Russ Basiura
RJB Technical Consulting
www.rjbtech.com
russ@rjbtech.com
2
Agenda
1. Intro SharePoint Extranets and FBA
2. Scenarios
3. Scenarios
4. Challenges
5. Demonstration
3
WHAT IS AN EXTRANET??
4
EXTRANETS POSE UNIQUE CHALLENGES FOR SHAREPOINT ADMINISTRATORS
- How can I provide SharePoint sites for our employees to use to collaborate with our customers, suppliers, partners and maintain proper security?
- How can I keep user accounts & passwords for non-employees in a separate database?
- How can I delegate management of extranet users to trusted individuals and still maintain proper security control?
- How can extranet users perform their own password changes?
- How can I define and gather custom user profile data from my extranet site's users?
- How can I automate user site requests and site creation?
5
What is the purpose of FBA?
- Forms authentication uses an authentication ticket created when a user logs on to a site
- Validated against a user store, such as a SQL Server database
- User is redirected to a configured logon page
- Once authenticated, the user is redirected to the originally requested page
- Ticket is usually contained inside a cookie
- Cookie tracks the user throughout the site
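Added example (not from the presentation): a web.config fragment showing how the items on this slide map to ASP.NET 2.0 forms authentication settings, with the ticket cookie restricted to HTTPS and the user store in SQL Server. The connection string, cookie name and provider name are hypothetical placeholders, and the password and lockout values are illustrative.

```xml
<!-- Added example: forms authentication against a SQL Server user store.
     Names marked "hypothetical" are placeholders, not values from the slides. -->
<configuration>
  <connectionStrings>
    <!-- hypothetical server/database: extranet accounts live in their own
         SQL Server database, separate from Active Directory -->
    <add name="ExtranetUsers"
         connectionString="Data Source=SQLHOST;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl: the configured logon page unauthenticated users are sent to
           (SharePoint 2007's default forms logon page is shown).
           requireSSL: ticket cookie is only sent over HTTPS (default is false).
           protection="All": ticket is encrypted and integrity-checked.
           timeout: ticket lifetime in minutes. -->
      <forms loginUrl="/_layouts/login.aspx"
             name=".EXTRANETAUTH"
             requireSSL="true"
             protection="All"
             timeout="30"
             slidingExpiration="true" />
    </authentication>
    <!-- "ExtranetMembership" is a hypothetical provider name -->
    <membership defaultProvider="ExtranetMembership">
      <providers>
        <add name="ExtranetMembership"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ExtranetUsers"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="10"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

In SharePoint 2007 the same provider entry is also needed in the Central Administration web application's web.config so that extranet users can be resolved when permissions are granted.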
6
For what scenarios is FBA useful?
- Storing users in Active Directory is not desirable
- Storing users in Active Directory is not feasible
- Need customized or proprietary logon page
- Application integration
7
What are the issues and limitations with the out-of-the-box features?
- User self-service features including 'reset my password' and profile management
- Granular governance of site creation process
- Invitations with definable meta fields
- User self-registration
- Management interface to user store
- Profile field mismatches
8
Simple Extranet Scenario
9
Scenario
- Active Directory in the DMZ
  - No Trusts
- Single Server or small farm
  - All servers in the DMZ
- All Services in the DMZ
  - Mail
  - IM
- Basic Authentication over HTTPS
- Digest Authentication (Not Supported)
10
Scenario
- All users must log on
- Management via Remote Desktop
- All content stored in portal
- Ports
  - TCP 3389 open to intranet for RDP
  - TCP 80 open to intranet for HTTP
  - TCP 443 open to extranet for HTTPS
11
MEDIUM EXTRANET SCENARIO
12
HIGH COMPLEXITY SCENARIO
13
User Challenges
- Authentication
  - Users don't like being asked for identity
  - Use SSO to access other resources
- URLs
  - Store content on the portal
  - Put content links on the portal
14
Technical Challenges
- Authentication
- SSL
- Account Creation and Maintenance
- Site Creation Process
15
Common Challenges
- Where should I locate my servers?
- How is my firewall affected?
- What other solutions should be considered?
- Authentication
- Security
- High Availability
- How does this affect my SharePoint architecture?
- Do I really need another SharePoint Farm?
16
Authentication
- Basic over HTTPS
- Integrated
  - NTLM
  - Kerberos
- Digest
  - Single web server or web farm with affinity
  - Not Supported
- Custom
  - ISAPI Filter with persistent cookie
  - Not Supported
17
Custom Authentication
- Must create a valid Windows Principal
- Must attach context to thread before entering .NET pipeline
  - Ows.dll is an ISAPI extension
  - ISAPI extensions cannot be chained
- Build an ISAPI filter
  - Create and manage Windows Principal
  - Embed basic authentication headers in request
18
Extranet Governance
- Service Level Agreements
- End User training
- Information lifecycle controls
- Communicating with external users
- Acceptable Use Policies
19
Questions and Discussion