How To Create An Intranet Site Using Sharepoint 2013

2 Answers 2

You should set up a ReverseProxy with Preauthentication in front of your SharePoint Farm like WebApplicationProxy.

WAP provides a lot of useful stuff:

Security is increased, because only authenticated users can communicate with SharePoint
You can pass one authentication to multiple backend-applications (SharePoint Portal, MySites, Provider Hosted Apps, ...). You can choose between Kerberos and Claims-Tokens. This feature has been improved on Windows Server 2016.
MultiFactorAuthentication is an optional feature
Integration to Office client apps can be improved by using persistent cookies (no login required when opening a document)

Implementing ADFS+WAP is not the easiest task, but it's absolutely worth it.

answered Apr 4 '17 at 15:20

MHeldMHeld

5,033 4 gold badges 24 silver badges 38 bronze badges

Hi, Thank you so much for your valuable suggestion on enhancing security to the application. It was really worth to understand these things. Can you also help me with a high level idea of how to enable my intranet to be accessed from outside the network (Same set of users as in intranet , same domain users).

Apr 5 '17 at 2:37
This can also be achieved with WebApplicationProxy with Kerberos-Authentication. But you have to think about your existing AlternateAccessMappings. If they are "internal" (e.g. sharepoint.company.local), you have to get an public URL linke sharepoint.company.com. My recommendation: Get rid of your "local" URL and only use public Domain. Makes more migration-work, as users have to change all URLs. But it's worth the effort in the long term.

Apr 5 '17 at 6:50

At the WebApp level you will need to edit your authentication settings to enable Anonymous authentication.

Then, set the Anonymous Access Policy for the web app to define what anonymous permissions are available.

Finally, in the site collection itself, grant the required permissions to the anonymous user (it's in the ribbon when on the permissions page).

answered Apr 4 '17 at 6:06

Greg WGreg W

703 3 silver badges 8 bronze badges

I don't require anonymous access. Users would be given login page and they will be authenticated using 2FA. What should i do in this case. (I know about extending the web application to internet zone , but then it will be 2 set of user tokens for the same user, & 2 set of permissions . That will not work)

Apr 4 '17 at 6:11
Then you should edit your question to remove the "made public" and "public facing" wording. What you're describing is either an Extranet or still an Intranet, just accessible from the outside but not "publicly" accessible.

Apr 4 '17 at 6:13
Sorry Greg for the confusion. It's like my intranet users have to access the site from outside the network. Yes you are right. How can i do it. Can i use windows claims for authentication as well.

Apr 5 '17 at 2:24