Office SharePoint Server (MOSS) 2007 has an added capability to host content-centric Internet facing sites. These sites, called Publishing Sites, are part of the Web Content Management (WCM) piece to the Enterprise Content Management (ECM) strategy within MOSS 2007. Businesses can now use SharePoint not only for collaboration, but also to host their corporate Internet-facing content-centric Web sites.
One of common, if not the most common, implementations of an Internet-facing content-centric Web site is to have the content owners & authors (typically corporate employees who login to the corporate Active Directory) use their corporate credentials to authenticate against the site using Windows Authentication. The Web site also needs to be available to anonymous users who browse the site from the Internet... not requiring a login. However, at times companies would like to have a way to require some users to authenticate in order to reach restricted areas of the site. Because these Internet users won't have accounts in the corporate Active Directory, presenting them with the typical login dialog pop-up box is not ideal or preferred... instead companies prefer to use Forms Authentication where users can login using an easy to remember username & password.
Thankfully Windows SharePoint Services (WSS) v3, which MOSS 2007 is built on top of, fully supports this type of authentication mechanism. It involves creating two entry paths into the site, called Alternate Access Mappings (AAM), which utilize the ASP.NET 2.0 pluggable authentication provider model to support various authentication mechanisms.
I've written an article (link below) that describes how you can create and configure a MOSS 2007 Publishing Site that will satisfy the following requirements:
- Allow content owners/authors to authenticate on the site using their corporate Active Directory credentials in order to manage the Web site's content.
- Allow unauthenticated, anonymous users, to browse the unrestricted areas of the Web site.
- Require anonymous user to provide a friendly Web-based form to login in order to consume restricted content.
While the article explains how to do it for a MOSS 2007 Publishing Site, this technique will work for any site based off WSS v3. It walks you through the steps of:
- Setting up and configuring a data store to keep the Internet user's credentials
- Creating two Web applications, one for each authentication mechanism
- Configuring the Web applications to communicate with the data store
- Enabling Forms Authentication on one Web application
- Enabling anonymous access
- Configuring a section of the site for authenticated users only