I am working on developing our company’s Internet website.

The webserver running IIS 6.0 is located across the firewall in a DMZ in its own Windows domain and I am planning on doing the development from my computer located on our LAN in a different windows domain. The webserver is not dual-homed (only connected to the firewall PIX) and we have not built any trust relations between these two domains as we want to minimize interdependencies for security reasons. Tools to be used are VS 2005, ASP.NET 2.0 and some 3^rd party tools.

 

 

Questions are:

How do I develop this site from my computer which is in a different domain and on the other side of the firewall? Is this type of development mode even feasible?

Or would the best practice be to develop the site locally and then deploy the website project on the webserver via a msi setup package or by using the FTP feature?

How would the user authentication work?

 

Any feedback, article links etc. will be much appreciated.

Thanks in advance.

 

-Yodhava

 

 

Debugging Remotely requires specialized setup, which would be difficult to setup within your current environment, so  I recommend developing localy and using one of the many different deployment methods built incorporated with VS2005.  Here are some links about deployment

http://weblogs.asp.net/scottgu/archive/2005/11/06/429723.aspx

http://west-wind.com/weblog/posts/5601.aspx

http://msdn2.microsoft.com/en-us/asp.net/aa336619.aspx

THanks for the deployment article pointers.

But how would user authentication and authorization work in this setup? How would the app running on the webserver on the other side of the firewall detect and connect to the SQL Server running inside our corporate network within a different domain?

 

Since this is an internet website and not a intranet site, I would suggest using forms authentication to do user authentication.  For communication between the webserver and the sql server you will need to open up the correct ports in the firewall and setup a sql server account for authentication.  This account should be a low privilege account and only have permissions on the views and stored procs needed for your website to work correctly. 

thanks, i will give that a try.

If you run into any issues repost and I will try and help you work through them.  If you consider this answered and closed please mark the post as such :).

I found this topic very interesting, as i am going through the same scenario.

To get this scenario of authorization.

I created a ASP.NET 2.0 web application to authenticate against an Active Directory and i am providing linkbuttons based on the roles of the athenticated users to navigate them to another website which exists in the internal webserver of our corporate network across ISA server 2006 Firewall.
ASP.NET 2.0 exists in DMZ on one side of the Firewall and the internal webserver and Active Directory exists (in corporate network) on the other side of the Firewall.

Now the question is: How can i secure the internal website? When the user clicks the linkbutton i need to expose the internal website to that authenticated user and hide or mask the URL which comes up in the address bar, so that user cannot get to the internal website by placing the URL in a new browser window.

Can anything be done in the ASP.NET web application?  and how the ISA proxy Server Firewall be configured?

Please provide any reference or suggest in this regard. Appreciate your help.