Export (0) Print
Expand All

Prepare to crawl host-named sites that use Basic authentication

Office 2007

Updated: June 12, 2008

Applies To: Windows SharePoint Services 3.0

 

Topic Last Modified: 2008-09-19

In this article:

When configuring a Web application to use host-named sites, Web hosters typically use Basic authentication for the default zone. The index component of the search server, sometimes called the crawler, cannot crawl host-named Web sites that are deployed in the usual way for the following reasons:

  • The crawler cannot authenticate using Basic authentication.

  • Host-named sites do not enable the index component of the search server to authenticate by using another zone in the polling order.

For more information about how polling order works with non-host-named sites, see the “Authentication requirements for crawling content” section in Plan authentication methods (Windows SharePoint Services).

This article describes how to create a solution in Windows SharePoint Services 3.0 so the crawler can crawl your host-named sites. The components of the solution are to:

  • Create two zones for your Web application.

  • Direct requests from end-users to the default zone, which is configured for Basic authentication.

  • Direct requests from intranet users and the crawler directly to the Intranet zone, which you configure for NTLM authentication.

The procedures included in this solution require the following types of administrators:

  • Domain Name System (DNS) administrator

  • Server administrator

  • Farm administrator

Other requirements include:

  • Two DNS servers: one Internet-facing DNS server, and one intranet-facing DNS server.

  • Two static IP addresses: one from the Internet-facing DNS server, and a different static IP address from the intranet-facing DNS server. These two IP addresses must be associated with the same site name.

This solution assumes the following:

  • A server administrator either configures separate network interface cards (NICs) on all front-end Web servers in the server farm with both static IP addresses or adds both static IP addresses to one NIC.

  • The search server that you will use for your Web application is running.

  • You do not have another Web application using port 80.

    NoteNote:
    Although it is possible to implement this solution by using a different port (as long as both zones use the same port), port 80 is typically used so end-users do not see a port number in the URL of their host-named site.

The following figure shows a high-level overview of this solution.

Crawl host-named sites - basic authentication

This solution requires two DNS servers. Each DNS server maps the same host name to a different static IP address. This is typically referred to as a split DNS environment. The Internet-facing DNS server resolves the URL of the host-named site to the default zone of your Web application. This is the zone end-users use to access the site using Basic authentication. The intranet-facing DNS server resolves this same URL to an IP address that is mapped to the Intranet zone of your Web application. This is the zone that intranet users and the crawler use to access the site using NTLM authentication.

This mapping is possible because when a new zone is created by extending the Web application, Windows SharePoint Services 3.0 creates an Internet Information Services (IIS) Web site for that zone. A server administrator can use IIS Manager to map a static IP address directly to an IIS Web site, which is associated with a particular zone of a particular Web application.

The following list describes the high-level steps for this solution.

  1. The farm administrator uses the Central Administration Web site to create a Web application on port 80 without a host header assigned to it.

  2. The farm administrator configures the default zone of this Web application to use Basic authentication.

  3. The farm administrator extends the Web application, specifies the host header name, and then specifies NTLM authentication on the intranet zone.

  4. The DNS administrator maps the site name to the static IP addresses in DNS.

  5. The server administrator uses IIS Manager to perform the following actions:

    • Map the static IP address from the Internet-facing DNS server to the IIS Web site that is associated with the default zone (that is, the zone that uses Basic authentication) of your Web application.

    • Map the static IP address from the intranet-facing DNS server to the IIS Web site associated with the Intranet zone (that is, the zone that uses NTLM authentication) of your Web application, and remove the IIS host header that was assigned to this site in step 3.

  6. The server administrator creates a host header-based site collection by using the Stsadm command-line utility.

    NoteNote:
    You must use the Stsadm command-line utility to specify the URL that you want for your host header-based site collection.
  7. The farm administrator can grant permissions to the Web application and the site collection administrator can grant permissions to the site collection.

Use the following procedures in the order listed to deploy the solution described earlier in this article.

Create Web application
  1. Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.

  2. On the top link bar of the Central Administration home page, click Application Management.

  3. On the Application Management page, in the SharePoint Web Application Management section, click Create or extend Web application.

  4. On the Create or Extend Web Application page, in the Adding a SharePoint Web Application section, click Create a new Web application.

  5. On the Create New Web Application page, in the IIS Web Site section, configure the following settings for your new Web application.

    1. Accept the default setting, Create a new IIS web site, and then type a name for the Web site in the Description box.

    2. In the Port box, type 80.

    3. Ensure that the Host Header box is blank.

  6. In the Application Pool section, select Use existing application pool, or accept the default setting, Create new application pool. If you are creating a new application pool, specify the security account to use for the new application pool.

  7. In the Search Server section, select the search server that you want to use to index this Web application from the Select Windows SharePoint Services search server list.

  8. Click OK.

Perform the following procedure on all front-end Web servers in the server farm.

Restart IIS
  1. Click Start and then click Run.

  2. In the Run dialog box, in the Open box, type cmd, and then click OK.

  3. At the command prompt, type the following command, and then press ENTER:

    iisreset /noforce

  4. Close the command prompt window.

Perform the following procedure to configure the Web application to use Basic authentication.

Configure the default zone to use Basic authentication
  1. On the Central Administration home page, click Application Management.

  2. On the Application Management page, in the Application Security section, click Authentication providers.

  3. On the Authentication Providers page, in the Zone column, click Default.

  4. In the IIS Authentication Settings section, select Basic authentication (password is sent in clear text).

  5. Click Save.

Use the following procedure to extend the Web application to create a new zone that uses NTLM authentication.

Extend the Web application
  1. On the Central Administration home page, click Application Management.

  2. On the Application Management page, in the SharePoint Web Application Management section, click Create or extend Web application.

  3. On the Create or Extend Web Application page, in the Adding a SharePoint Web Application section, click Extend an existing Web application.

  4. On the Extend Web Application to Another IIS Web Site page, in the Web Application section, on the Web Application menu, click Change Web Application.

  5. On the Select Web Application page, select the Web application you want to extend. This is the Web application you created earlier in this article.

  6. In the IIS Web Site section, do the following:

    1. In the Description box, type a description for the new site.

    2. In the Port box, type 80.

    3. In the Host Header box, type a host header name.

  7. In the Security Configuration section, ensure that NTLM is selected.

  8. In the Load Balanced URL section, select the zone you want to use, (in this example, Intranet.)

    NoteNote:
    The intranet-facing DNS server must be able to resolve this load-balanced URL to the static IP address that you assign to the Web site that you configure to use NTLM authentication.
  9. Click OK.

Perform the following procedure on all front-end Web servers in the server farm.

Restart IIS
  1. Click Start and then click Run.

  2. In the Run dialog box, in the Open box, type cmd, and then click OK.

  3. At the command prompt, type the following command, and then press ENTER:

    iisreset /noforce

  4. Close the command prompt window.

Host-named sites enable farm administrators to choose the name they want to use in the URL for their sites. Note that the name (that is, the URL) must be a unique name on the domain. The administrator for the Internet-facing DNS server must map the site name chosen by the farm administrator to the appropriate static IP address. In a later step, the server administrator maps this static IP address to the IIS Web site that is configured to use the default zone used by the Web application.

Likewise, the administrator for the intranet-facing DNS server must map this same site name to a different static IP address. In a later step, the server administrator will map this static IP address to the IIS Web site that is configured to use the Intranet zone used by the Web application. Additionally, this DNS administrator must also map the host header name that the farm administrator used when extending the Web application to this static IP address. Even though this host name is removed in a later procedure, this host name is used by the crawler to access the Web application on the Intranet zone.

The following procedure must be performed by a server administrator on each front-end Web server in the server farm.

Map the static IP addresses to the Web sites
  1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the console tree, expand the local computer node, expand Web Sites, right-click the Web site you configured for Basic authentication, and then click Properties.

  3. In the Properties dialog box, on the Web Site tab, in the Web site identification section, in the IP address list, select the IP address that you want to map to the customer-facing Web site.

  4. Click OK to close the Properties dialog box.

  5. In the console tree, right-click the Web site you configured for NTLM authentication, and then click Properties.

  6. In the Properties dialog box, on the Web Site tab, in the Web site identification section, click Advanced.

  7. In the Advanced Web Site Identification dialog box, in the Multiple identities for this Web site section, select the row containing the host header name you configured for the Web site that is using NTLM authentication, and then click Edit.

  8. In the Add/Edit Web Site Identification dialog box, select the IP address that you want to map to the Web site that is using NTLM authentication from the IP address list.

  9. In the Host Header value box, make a note of the host header name. This is the host header name you assigned to the site that you configured for NTLM authentication. You will need to use this name in the next procedure.

  10. In the Host Header value box, delete the host header name, and then click OK.

  11. Click OK to close the Advanced Web Site Identification dialog box.

  12. Click OK to close the Properties dialog box.

  13. Close IIS Manager.

Use the following procedure to create a site collection for your Web application. You must be a server administrator to perform the following steps.

Create a site collection for the Web application
  1. Click Start and then click Run.

  2. In the Run dialog box, in the Open box, type cmd, and then click OK.

  3. Browse to the following folder:

    systemdrive:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN

    where systemdrive is the drive on which Windows SharePoint Services 3.0 is installed.

  4. In the command window, type the following command, and then press ENTER:

    stsadm.exe -o createsite -url http://<HostNamedSiteAddress> -ownerlogin <DomainName\UserName> -owneremail <username@example.com> -hostheaderwebapplicationurl http://<WebApplicationUrl>

The following table describes the variables used in step 4 of the previous procedure.

 

Variable Description

HostNamedSiteAddress

URL chosen by the farm administrator for users to access the top-level site of the site collection. The DNS administrator maps this name to the IP address used to access the Default zone of your Web application.

DomainName\UserName

Primary owner of the host header-based site collection.

username@example.com

E-mail address of the site collection owner.

WebApplicationUrl

URL of the default zone of the Web application. You can find this URL on the Web Application List page in Central Administration.

Before users can access the sites on the Web application you have created, you must grant those users the appropriate permissions to your sites. If you want to manage security at the Web application level, a farm administrator can create a policy to grant permissions to the Web application. Alternatively, if you want to manage permissions at the site collection level and at lower levels, site collection administrators can add users to the appropriate SharePoint groups.

For information about using a policy to grant users permissions, see "Manage permissions through policy" in the Help system. For more information about managing permissions at the site collection and lower levels, see Plan site and content security (Windows SharePoint Services).

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Downloadable content for Windows SharePoint Services 3.0.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft