#1

I have an intranet site using integrated authentication. The site is http://myserver/apps/signup. As long as internal users visit that URL, they're fine, and authentication works as expected.

I'm also publishing this externally, so I have a public record for http://apps.acme.com/apps/signup. When external users visit that page, they are prompted to log in. All fine and good. (Although the users have to specify a logon domain by using user@acme.com, which they're not used to doing. If anybody knows how to configure DNS or IIS to fix that, that would be a bonus.)

The problem is that I only want to publish one URL to my users for simplicity, so the external one is the only one I use. But when internal users visit http://apps.acme.com/apps/signup, they're prompted for credentials.

I assume I need to add a new zone to my DNS server for acme.com and insert the A record for the internal IP address of the web server. Couple of questions:

1) Will that stop the internal users from getting prompted for credentials?
2) If I create a zone for acme.com and have only a single A record for apps.acme.com, will the users still be able to visit other subdomains like www.acme.com and customers.acme.com? Or will the DNS server simply say it has no A records for those subdomains on that zone, and simply refuse the requests?

#2

Brick,

As far as DNS is concerned, you need to publish all records in an internal copy of the zone: www, customer, etc., whether the actual address is internal or external. Once you have an internal version you need to publish everything there.

For auto-logon (not Integrated Authentication, which is something different), you need to add the site to Trusted Sites. Basically it is using the setting in IE that is a default for Trusted Sites, to pass through the current logged-on user name and password. Obviously you would not want to pass this on to an untrusted site. NetBIOS names are assumed to be local and are therefore trusted, but FQDN names are not.

For external users, you should be able to set the default domain in the IIS properties of the web site. This will enable users to enter the user name without the domain suffix.

Hope that helps,
Anthony
http://www.airdesk.com

"bnick22" <bnick22@discussions.microsoft.com> wrote in message news:A83A6CAA-CD74-44DF-B35B-2D40D1DAD857@microsoft.com...
> I have an intranet site using integrated authentication. The site is
> http://myserver/apps/signup. As long as internal users visit that URL,
> they're fine, and authentication works as expected.
>
> I'm also publishing this externally, so I have a public record for
> http://apps.acme.com/apps/signup. When external users visit that page,
> they are prompted to log in. All fine and good. (Although the users have
> to specify a logon domain by using user@acme.com, which they're not used
> to doing. If anybody knows how to configure DNS or IIS to fix that, that
> would be a bonus.)
>
> The problem is that I only want to publish one URL to my users for
> simplicity, so the external one is the only one I use. But when internal
> users visit http://apps.acme.com/apps/signup, they're prompted for
> credentials.
>
> I assume I need to add a new zone to my DNS server for acme.com and insert
> the A record for the internal IP address of the web server. Couple of
> questions:
>
> 1) Will that stop the internal users from getting prompted for
> credentials?
> 2) If I create a zone for acme.com and have only a single A record for
> apps.acme.com, will the users still be able to visit other subdomains like
> www.acme.com and customers.acme.com? Or will the DNS server simply say it
> has no A records for those subdomains on that zone, and simply refuse the
> requests?
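
An added example, not part of either post: a small Python audit of the split-horizon setup discussed above, showing which public names stop resolving for internal users once the internal DNS server holds its own copy of the zone. The host names come from the thread; the IP addresses and all function names are constructed for illustration, and the model assumes a plain authoritative zone with no wildcard records or delegations.

```python
"""Audit an internal copy of a zone against the public record set."""

# Constructed sample data: names from the thread, addresses invented.
PUBLIC_RECORDS = {
    "apps.acme.com": "203.0.113.10",
    "www.acme.com": "203.0.113.20",
    "customers.acme.com": "203.0.113.30",
}
INTERNAL_ZONE = "acme.com"
INTERNAL_RECORDS = {"apps.acme.com": "10.0.0.15"}  # only the single A record


def norm(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.lower().rstrip(".")


def in_zone(name, zone):
    """True if name is the zone apex or lies beneath it."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)


def resolve_internal(name, zone, internal, public):
    """Model the answer an internal client receives.

    A server that is authoritative for the zone answers only from its own
    data: a name inside the zone with no record gets NXDOMAIN and is not
    forwarded to the public DNS. Names outside the zone resolve as usual.
    """
    key = norm(name)
    if in_zone(key, zone):
        return internal.get(key, "NXDOMAIN")
    return public.get(key, "NXDOMAIN")


def audit(zone, internal, public):
    """Return (missing, overridden) public names for the internal zone.

    missing: public names internal users can no longer resolve.
    overridden: names that deliberately answer with a different address.
    """
    missing = sorted(n for n in public if in_zone(n, zone) and n not in internal)
    overridden = sorted(n for n in public
                        if n in internal and internal[n] != public[n])
    return missing, overridden


if __name__ == "__main__":
    print(audit(INTERNAL_ZONE, INTERNAL_RECORDS, PUBLIC_RECORDS))
```

Copying every public record into the internal zone and then overriding only apps.acme.com leaves the missing list empty, which is the state the reply recommends.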