Security Guidance

Aug 12, 2008 at 5:54 PM
Edited Aug 12, 2008 at 10:12 PM
Requirement: Provide access to internet users (both anonymous and secure features)

If I login and access Training Management on my intranet (http://gwnserver/TrainingManagement/Prototype) I get consistent results however if I attempt to access it from the internet I get inconsistent results during authentication; sometimes it works, other times it won't and sometimes a mixture of both (as I click links).

The site is an anonymous site, from it you can access a "Prototype" site as well as my SDMS site (open source project which is also anonymous).   Although I have the Prototype site configured as anonymous I trust I'm being prompted for login because of API security (preliminary research indicates I'll have to impersonate).  The login/password for the Prototype site follows:  Login: spgemployee  Pass: codeplex.

Sometimes (rare) login appears to fail, but still logs in.  Most times I have to login with gwnserver\spgemployee (prefixed with my server name) which provides varying levels of success once logged in.

The steps I used to configure security are HERE (did I miss something?).  Before I start my brain-straining session (looking through the SDK) I was curious if you had any guidance available on MOSS 2007 configuration for Internet access (both anonymous and secure)?  

EDITED:  I found that if I login as gwnserver\spgemployee, when it prompts me again for the login information (suggesting it didn't work), I hit cancel, backspace and then click on the Prototype tab again and it shows me as being logged in.  Most of the time I can then navigate, e.g., hit Home - sometimes it prompts me for the login information again.