By Matthew McBride
Overview of Authentication Provider Mapping
SharePoint Extranet Collaboration Manager 2010 (ExCM) can streamline the experience for users located inside your corporate network through a feature called Authentication Provider Mapping (APM). APM maps an IP address to a specific authentication provider. When APM is enabled and configured, it determines whether a request for your ExCM page is coming from inside your network or from an external user. You achieve this by specifying a range of IP addresses belonging to your internal network and then specifying the authentication provider to be used for that range (Windows in this case).
By default, all requests to your ExCM site are sent to our custom sign-in page (assuming you have configured it within Central Administration). Notice the “Sign in using Windows Authentication” link near the bottom:
Configuring Authentication Provider Mapping
The first thing we need to do to configure APM is to enable the PowerShell service provided as part of ExCM 2010. This service provides additional configuration options not available in the normal User Interface (UI). To enable the service, open up the SharePoint Management Shell and type the following command:
Then we will need to specify the subnet and the authentication provider to be used (Windows, or AD, as in this case):
With APM configured, we also need to ensure that IE is set up to authenticate the user accordingly. To do this, we need to first add the ExCM site to the “Trusted Sites” list:
Then we need to ensure that the “Automatic logon with current user name and password” setting is enabled for the Trusted Sites Zone security level:
Additional Considerations and Summary
There are a couple of things to keep in mind before and while you implement APM. First, it is NOT recommended to use APM during your ExCM testing phase. Doing so will make it difficult to test Forms Based Authentication user credentials. Second, if you have a device inside your network performing any type of reverse proxy that may change the IP address of the original request (such as an F5), you would need to add the address or range of addresses the device is using.
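The mapping decision and the reverse-proxy consideration described above, modeled as an added Python example. This is not ExCM code or its cmdlets: the subnets, addresses and provider names are constructed, and first-match ordering is an assumption of the model.

```python
import ipaddress

# Model only: provider names, subnets and addresses below are constructed.
WINDOWS = "windows"
FORMS_SIGN_IN = "forms-sign-in-page"  # default when no mapped range matches

def build_mappings(entries):
    """Parse (cidr, provider) pairs; strict=True rejects ranges with host bits set."""
    return [(ipaddress.ip_network(cidr, strict=True), provider)
            for cidr, provider in entries]

def select_provider(source_ip, mappings):
    """Pick the provider for the source address the web server actually sees."""
    addr = ipaddress.ip_address(source_ip)
    for network, provider in mappings:  # first match wins (model assumption)
        if addr in network:
            return provider
    return FORMS_SIGN_IN

def audit(requests, mappings):
    """Return {label: provider} for constructed (label, source_ip) samples."""
    return {label: select_provider(ip, mappings) for label, ip in requests}

INTERNAL_ONLY = build_mappings([("10.20.0.0/16", WINDOWS)])
WITH_PROXY = build_mappings([("10.20.0.0/16", WINDOWS),
                             ("192.168.50.10/32", WINDOWS)])

REQUESTS = [
    ("internal desktop", "10.20.4.17"),
    # The reverse proxy replaced the client's address with its own.
    ("internal user via proxy", "192.168.50.10"),
    ("external partner", "203.0.113.25"),
    # If the same proxy address also carries external traffic, the server
    # cannot tell this request apart from the internal one above.
    ("external user via same proxy", "192.168.50.10"),
]

if __name__ == "__main__":
    for name, mappings in (("internal only", INTERNAL_ONLY), ("with proxy", WITH_PROXY)):
        print(name)
        for label, provider in audit(REQUESTS, mappings).items():
            print(f"  {label:30} -> {provider}")
```

Before adding a proxy address to the mapped ranges, confirm which traffic that address carries, since every request arriving from it receives the mapped provider.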
In summary, Authentication Provider Mapping can greatly streamline the experience for your internal users when accessing a SharePoint Extranet Collaboration Manager 2010 (ExCM) site inside your corporate network. When APM is configured, these users will be sent directly to the top level site without having to provide any further credentials.