Reputation: 123
SharePoint Security
We have a SharePoint site on it's own domain and are debating using Forms Authentication or Active Directory. Really we would like the power of kerberos with the flexibility and transparancy of a forms authentication (like storing the users in sqlserver using sqlmembershipprovider in asp.net). Is there any way to force Active Directory to authenticate against our user store, or can we set up a kerberos authentication server that isn't active directory?
Thanks!
Upvotes: 0
Views: 217
Answers (3)
Reputation: 384
You might also consider using Forefront User Access Gateway (UAG). I have implemented multiple times and it works much better than ISA and in fact, bits are installed along with SharePoint for the User Profile Service - http://www.microsoft.com/en-us/server-cloud/forefront/unified-access-gateway.aspx.
UAG gives you better security and flexibility and it is 'SharePoint Aware'. Based on the technology developed by Whale Communications (purchased by MS), it provides a common gateway for all of your applications (in addition to SharePoint).
There is one 'gotcha' in the way UAG logs out however but I have the fix for you here: http://davidmsterling.blogspot.com/2011/08/sharepoint-logout-with-uag.html.
To date, 20 clients have moved from ISA to Forefront UAG and all love it.
David Sterling - http://davidmsterling.blogspot.com - http://www.sterling-consulting.com - http://www.sharepoint-blog.com
Upvotes: 0
Reputation: 1667
Maybe ADAM might be helpful for your scenario: http://www.microsoft.com/windowsserver2003/adam/default.mspx
The problem with Forms authentication is that it misses some end user GUI controls like: change password, forgot password etc. We implemented it on a project and had to do a lot of coding to achieve good usability for the end users.
Upvotes: 1
Reputation: 121
You might also want to look into using ISA Server to help you out: http://blogs.msdn.com/jannemattila/archive/2007/07/23/isa-moss-makes-life-a-lot-easier-for-fba.aspx
Upvotes: 1