MCTS Self-Paced Training Kit (Exam 70-667): Configuring Microsoft® SharePoint® 2010: Managing Web Applications
The logical components that allow SharePoint to receive and process a request for content are the web application itself, its five zones, the alternate access mappings associated with each zone, the IIS Web site associated with each zone, and the bindings on the website.
A user submits a request using the public URL of the web application zone. The request can be modified by an intermediary device, such as an off-box SSL terminator or a reverse proxy, before being forwarded to the front-end web server. The request received by IIS is matched to an IIS Web site based on the site’s bindings, which often are based on a host header or, in the case of SSL, a dedicated IP address. The request is then passed to SharePoint, which examines the request’s URL and matches it against the internal URLs in the web application’s Alternate Access Mappings (AAM) collection. The matching internal URL identifies the zone in which the request will be processed. The zone determines the authentication and policies applied to the request.
Authentication is managed by one of three authentication providers: Windows, forms-based authentication, and SAML token-based authentication. In Classic Mode Authentication, only Windows is supported, but in Claims Based Authentication, all three providers are supported, and you can use multiple providers in a single zone.
You can also enable anonymous authentication on a zone. However, a site collection administrator must also enable anonymous access and assign anonymous users permissions to content within a site. You can enforce restrictions on the maximum access granted to anonymous users on a per-zone basis.
As you design your environment, you must be aware of which settings are scoped to a web application, to individual zones, and to IIS Web sites. This will help you determine the logical architecture that will meet your requirements.
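The request flow summarized above, as a small Python model of how the URL that reaches SharePoint selects the zone and its authentication settings. This is an added example, not code from the training kit or from SharePoint; the host names, zone settings and function names are constructed, and comparing URLs on scheme, host and port is a simplifying assumption.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize(url):
    """Reduce a URL to (scheme, host, port), the parts this model compares."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

# Constructed sample AAM collection: internal URL -> zone (hypothetical hosts).
AAM = {
    "http://sp2010-wfe1": "Default",
    "http://portal.contoso.example": "Internet",   # form forwarded by the SSL terminator
    "https://portal.contoso.example": "Internet",
}
# Public URL of each zone, used when SharePoint writes links back to the user.
PUBLIC_URL = {
    "Default": "http://sp2010-wfe1",
    "Internet": "https://portal.contoso.example",
}
# Constructed per-zone settings: authentication providers and anonymous access.
ZONES = {
    "Default": {"providers": ["Windows"], "anonymous": False},
    "Internet": {"providers": ["Forms", "SAML token"], "anonymous": True},
}

def ssl_terminator(url):
    """Model an off-box SSL terminator: HTTPS from the user becomes HTTP to the farm."""
    parts = urlsplit(url)
    return "http://" + parts.hostname + (parts.path or "/")

def resolve(received_url):
    """Map the URL as SharePoint receives it to a zone and that zone's settings.

    Returns None when no internal URL matches; the model does not guess a zone.
    """
    key = normalize(received_url)
    for internal_url, zone in AAM.items():
        if normalize(internal_url) == key:
            return {"zone": zone, "public_url": PUBLIC_URL[zone], **ZONES[zone]}
    return None

if __name__ == "__main__":
    forwarded = ssl_terminator("https://portal.contoso.example/sites/hr")
    print(forwarded, "->", resolve(forwarded))
    print("http://sp2010-wfe1/ ->", resolve("http://sp2010-wfe1/"))
    print("http://10.0.0.5/ ->", resolve("http://10.0.0.5/"))
```

The zone is chosen from the URL after any intermediary has rewritten it, so the forwarded form of each public URL needs its own internal URL in the intended zone.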