Sunday, 30 November 2014

Public-facing on-premises SharePoint with NTLM authentication



I've been searching for authentication best practices for a public-facing SharePoint site, but I didn't find any useful resources on the issue that is troubling me.


Suppose I set up a web application with Classic NTLM authentication. On that web application I enable Anonymous access. This means that users inside the organization's network will be able to authenticate (actually use SSO) using the organization's DC. They will be able to access and administer all content. All other anonymous users will be able to see published content only, i.e. content which is permitted to anonymous users.


My question is: Is this kind of setup a security issue, because if a potential attacker hacks a WFE, then he has direct access to the DC?


Is FBA maybe a better solution for public-facing sites? Or maybe use NTLM, but create a separate domain with a one-way trust to the organization's domain?







