Sharing site on 2 ports in IIS6

[macrospect]

Maybe someone could tell me if this is possible and how to do it since I am stumped at this point. I have a SharePoint site which I need to allow 2 forms of access to. My requirement is that both of them need to have SSL enabled for security reasons. For internal users, I currently have them access using https://site.sp.com. It uses Windows authentication, which uses their domain-credentials to automatically authenticate. All is great here.

My complication is that we have clients who also have their own internal SharePoint system so what is happening is it is trying to authenticate them using their Windows credentials to our SP site which obviously fails.

My solution was to have 2 different web applications, 1 on the normal port 443 which uses Windows Authentication and the other on port 1234 which uses Forms Authentication. This way when they go to https://site.sp.com:1234 they can use the forms authentication to authenticate and once authenticated they will see the same content as if they went to the site on 443.

This works great with HTTP but the problem is when I try to setup using HTTPS the site is no longer reachable internally.

Any ideas what I may be doing wrong here?

 

[jadams]

I'm a little unfamiliar with IIS previous to version 7, but isnt it possible to have two sites running on the same port so long as the hostname binding is different. This works for HTTP, but I never tried it for HTTPS.

 

[macrospect]

Are you referring to the https part (port 443)? Both sites have identical URLs (https://site.sp.com) but the difference is the one with forms was going to be on port 1234 (obviously the users will need to enter this) so it would look like https://site.sp.com:1234. Not sure if this is possible. I got to the point where I have it setup but the one site will not start since it says that the process is in use, even though nothing is using port 1234.

 

[dashpuppy]

Maybe someone could tell me if this is possible and how to do it since I am stumped at this point. I have a SharePoint site which I need to allow 2 forms of access to. My requirement is that both of them need to have SSL enabled for security reasons. For internal users, I currently have them access using https://site.sp.com. It uses Windows authentication, which uses their domain-credentials to automatically authenticate. All is great here.

My complication is that we have clients who also have their own internal SharePoint system so what is happening is it is trying to authenticate them using their Windows credentials to our SP site which obviously fails.

My solution was to have 2 different web applications, 1 on the normal port 443 which uses Windows Authentication and the other on port 1234 which uses Forms Authentication. This way when they go to https://site.sp.com:1234 they can use the forms authentication to authenticate and once authenticated they will see the same content as if they went to the site on 443.

This works great with HTTP but the problem is when I try to setup using HTTPS the site is no longer reachable internally.

Any ideas what I may be doing wrong here?

is this on one server or 2 servers ?

https://whatever.com
http://theotherwhatever.com

?

 

[jadams]

What I mean is that instead of having:

https://domain:443
and
https://domain:1234

do

https://site1.domain:443
https://site2.domain:443

IIS should distinguish between the two.

make the hostname bind different, not the port.

 

[dashpuppy]

What I mean is that instead of having:

https://domain:443
and
https://domain:1234

do

https://site1.domain:443
https://site2.domain:443

IIS should distinguish between the two.

make the hostname bind different, not the port.

You shouldn't need the 443 on the end if the firewall is pointing to that internal ip..

 

[jadams]

You shouldn't need the 443 on the end if the firewall is pointing to that internal ip..

i know, I was pointing it out to make it clear that the two sites can run on the same port so long as they have different hostnames.

This seems like a better solution?

 

[macrospect]

Sorry I did not make it clearer that this is all on the same server. For the regular HTTPS site I was just making a point that there is an invisible 443 on the end of the URL but it is not needed when accessing the site. If I make the URLs different like https://site1.sp.com and https://site2.sp.com, would this work? I thought that you could not have 2 different sites on the same server, using the same port (443 in this example)? Thanks for the clarifications!

 

[RiDDLeRThC]

I don't think you can bind two https hosts with the same name. they need their own IPs

 

[renixinq]

Yes, you can do https://site1.sp.com and https://site2.sp.com in IIS6 on the same server.

Let's just say you are using the default website for your windows authenticated website and the server is named site1. The next steps is to create a new website named site2 with an HTTP header for site2.sp.com. Now point that site back to the same directory and change the authentiation setting on that site. Next you need to create a static host record in DNS pointing site2.sp.com back to the site1 IP. And you're done. Now that said if you are doing SSL you will either need a multi-domain cert (*.sp.com) or a separate cert for each site (one for site1.sp.com and one for site2.sp.com).

Hope that helps.

 

[Protoform-X]

Yes, you can do https://site1.sp.com and https://site2.sp.com in IIS6 on the same server.

Let's just say you are using the default website for your windows authenticated website and the server is named site1. The next steps is to create a new website named site2 with an HTTP header for site2.sp.com. Now point that site back to the same directory and change the authentiation setting on that site. Next you need to create a static host record in DNS pointing site2.sp.com back to the site1 IP. And you're done. Now that said if you are doing SSL you will either need a multi-domain cert (*.sp.com) or a separate cert for each site (one for site1.sp.com and one for site2.sp.com).

Hope that helps.

This is the best-practice solution for what the OP is asking.

 

[jadams]

Yes, you can do https://site1.sp.com and https://site2.sp.com in IIS6 on the same server.

Let's just say you are using the default website for your windows authenticated website and the server is named site1. The next steps is to create a new website named site2 with an HTTP header for site2.sp.com. Now point that site back to the same directory and change the authentiation setting on that site. Next you need to create a static host record in DNS pointing site2.sp.com back to the site1 IP. And you're done. Now that said if you are doing SSL you will either need a multi-domain cert (*.sp.com) or a separate cert for each site (one for site1.sp.com and one for site2.sp.com).

Hope that helps.

This is the best-practice solution for what the OP is asking.

This is what I suggested. Thanks for confirming. Just wasnt sure if it was available in IIS6. That was before my time.