Targeting Corporate Extranets | Building Client/Server Applications Under VB .NET: An Example-Driven Approach

Extranets generally cause a developer the most headaches. Figure 12-1 compares an intranet to an extranet.

click to expand
Figure 12-1: A corporate intranet/extranet

Machines linked in an intranet can use the same Windows Integrated security, but on the extranet that is rarely a desirable situation. Notice in Figure 12-1 that an external corporation is hitting IIS, which is external to the company from which they want information. Usually IIS sits on the boundary of the corporate intranet. Whatever the exact setup is, unless there is a Virtual Personal Network (VPN) that goes directly into your company intranet, the external customer is not going to be able to log on using Windows Authentication. So, you need to come up with another scheme to authenticate the users. You really only have two choices: Forms Authentication and Passport Authentication. This chapter covers setting up Forms Authentication.

Note

You can practice setting up a Passport Authentication scheme by applying for a development and testing Passport account. You can get more information about this at http://www.microsoft.com/myservices/passport. You will also need to install the Passport Software Development Kit (SDK), which you can find at http://msdn.microsoft.com/downloads.

There are many more detailed scenarios than the one you will be creating here. This is designed to be an overview of how to secure an ASP.NET application, but it does not cover all of the details.