In the last couple of months we have been busy dealing with clients who wanted to setup a SharePoint 2010 extranet. The use cases varied from sharing meeting minutes, regulations and other documents with a couple of partners in a closed user group environment available on the internet to being able to host hundreds of project portals, all for different closed user groups.
(Click image to enlarge)
The first hurdle when setting up an extranet collaboration portal for a closed user group is finding a decent way to authenticate users. Some clients opted for using their Active Directory as a data source for members. This has an advantage in that it is possible to increase the level of security using ISA server or its predecessor UAG. However, this puts an extra burden on IT and could still potentially allow users access to the company’s domain. This is where Microsoft ASP.NET’s so called Forms Based Authentication (FBA) comes into play. Using ASP.NET it is possible to create a SQL database that will act as a directory for users that have access to the extranet portal. With some additional tools, business users can add and remove users from this directory, so there is no increased burden on the IT department. The biggest disadvantage of this approach, however, is that each extranet portal requires its own SharePoint web application. That means that the IT department still needs to help setting things up. In a scenario where a project manager wants to quickly deploy a project portal for collaboration with his partners, suppliers or clients this may not be the ideal solution. Also, SharePoint is known for its limits and one such limitation of SharePoint is that server performance will break when you have little more than twenty web applications running on a server. So if you wanted to deploy 100 extranet portals you would end up needing five servers.
To overcome these challenges, we have extended the basis ASP.NET FBA software so that extranet portals are created as site collections rather than web applications, whilst still being able to keep up a reliable security model, meaning that user A cannot access extranet collaboration portal B if he’s not been explicitly added by portal B’s site collection administrator. Also, the owner of portal B does not have automatically access to portal A, C etc.
With each extranet portal being a site collection rather than a web application the number of portals has become virtually unlimited which is great news. In addition, we’ve developed a SharePoint 2010 solution that fully automates the creation of such an extranet portal. So no hassle for IT. Simply by filling out a form, a power user can create a new extranet portal and delegate ownership of that portal for example to the project manager. The owner of the portal can then continue giving partners, suppliers and clients access to his portal simply by adding them to the user directory using their email addresses. Users receive an invitation email with an activation link to set their password and have the option to reset their password when they have forgotten it.
With SharePoint 2010 it is also possible to run both FBA and Windows Integrated Authentication in parallel. This means that domain users can access the same extranet portal simply from the local intranet by firing up their Internet Explorer browser without the need to enter a user name and password.
Our solution builds on top of SharePoint 2010 Foundation. This means that you can start deploying extranet portals almost for free. The only license you need is the windows server internet connector.
If this sounds interesting to you, please feel free contacting me using the form next to my ad http://www.sharepointappmarket.com/ads/sharepoint-extranet-manager/.