ASP.Net Providers from a Web Server in the DMZ

We have an asp.net intranet web application that uses ASP.net OOTB membership providers and roles.

Now we plan to open the application on the Internet by moving the web server to the DMZ, as shown in the following (crappy) text diagram

             External                    Internal
internet --- Firewall --- Web server --- Firewall --- App Server --- Database
                             DMZ                            Intranet

Now the problem is that the asp.net membership and role providers on the web server cannot connect to the sql server due to the internal firewall.

Have you ever encountered such a scenario? Would you recommend opening ports in the internal firewall so that the web server can connect directly to the SQL server? What other alternatives do I have (another who takes his own user himself)?

+3
2 answers

Changing DMZ policies and opening ports is usually REALLY complicated. You may be able to do better in what I did: expose the WCF service on the network and communicate with it through HTTP on port 80.

Zero friction with local network users, and I just imitate the exact (though crappy) APIs that .NET gives us :)

Edit: for clarification, this means that I have a RemoteRoleProvider that is configured as follows:

<roleManager enabled="true" defaultProvider="RemoteRoleProvider">
   <providers>
      <add name="RemoteRoleProvider" type="MyCorp.RemoteRoleProvider, MyCorp" serviceUrl="http://some_internal_url/RoleProviderService.svc" />
   </providers>
</roleManager>
+2
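
A sketch of what a provider behind the `RemoteRoleProvider` configuration in the answer above could look like. This is an added example, not the answerer's code: the `IRoleProviderService` contract, its operations, and the choice to forward only read-only lookups so that the DMZ host cannot administer roles are all assumptions of this example. It needs C# 7 or later.

```csharp
using System;
using System.Collections.Specialized;
using System.ServiceModel;
using System.Web.Security;
namespace MyCorp {
    // Hypothetical contract for RoleProviderService.svc on the app server (assumption).
    [ServiceContract]
    public interface IRoleProviderService {
        [OperationContract] string[] GetRolesForUser(string username);
        [OperationContract] bool IsUserInRole(string username, string roleName);
        [OperationContract] bool RoleExists(string roleName);
        [OperationContract] string[] GetAllRoles();
        [OperationContract] string[] GetUsersInRole(string roleName);
    }
    public class RemoteRoleProvider : RoleProvider {
        private ChannelFactory<IRoleProviderService> _factory;
        public override string ApplicationName { get; set; }

        public override void Initialize(string name, NameValueCollection config) {
            base.Initialize(name, config);
            // serviceUrl is the custom attribute on the <add> element in web.config.
            var url = new Uri(config["serviceUrl"]);
            // Use TLS when the configured URL is https; otherwise plain HTTP.
            var binding = url.Scheme == Uri.UriSchemeHttps
                ? new BasicHttpBinding(BasicHttpSecurityMode.Transport)
                : new BasicHttpBinding();
            _factory = new ChannelFactory<IRoleProviderService>(binding, new EndpointAddress(url));
        }
        // One channel per call: closed on success, aborted on fault so it is never reused.
        private T Call<T>(Func<IRoleProviderService, T> op) {
            var channel = _factory.CreateChannel();
            try { var result = op(channel); ((IClientChannel)channel).Close(); return result; }
            catch { ((IClientChannel)channel).Abort(); throw; }
        }
        // Read-only lookups are forwarded to the internal service.
        public override string[] GetRolesForUser(string user) => Call(s => s.GetRolesForUser(user));
        public override bool IsUserInRole(string user, string role) => Call(s => s.IsUserInRole(user, role));
        public override bool RoleExists(string role) => Call(s => s.RoleExists(role));
        public override string[] GetAllRoles() => Call(s => s.GetAllRoles());
        public override string[] GetUsersInRole(string role) => Call(s => s.GetUsersInRole(role));

        // Role administration is deliberately not reachable from the DMZ host (example's choice).
        public override void CreateRole(string role) => throw new NotSupportedException();
        public override bool DeleteRole(string role, bool throwOnPopulated) => throw new NotSupportedException();
        public override void AddUsersToRoles(string[] users, string[] roles) => throw new NotSupportedException();
        public override void RemoveUsersFromRoles(string[] users, string[] roles) => throw new NotSupportedException();
        public override string[] FindUsersInRole(string role, string match) => throw new NotSupportedException();
    }
}
```

With this shape the internal firewall only has to admit the web server's HTTP(S) traffic to the app server, and the SQL Server port stays closed to the DMZ.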

-, DMZ, SQL- , . , - , 1433 SQL-. , .. .

+1

Source: https://habr.com/ru/post/1698583/

