Tech Off Thread

3 posts

Call a internal web service from DMZ

Back to Forum: Tech Off
  • User profile image
    haniar

    I want to perform with the help of an internal Web service, the AD authentication and put in DMZ available.

    As I've read from the thread http://channel9.msdn.com/Forums/TechOff/510686-How-to-call-a-web-services-running-inside-secure-network are three different options possible for call an internal web service from the DMZ.

    Can someone confirm me if it's not possible to put a mapping in firewall so that DMZ request is able to call the web service internal. (Dyanmic Routing / Static Routing)

    I can not use the VPN option Sad

  • User profile image
    AndyC

    Few options spring instantly to mind:

    1) Configure IPSec and authenticated pass-through on the firewall and respective machines. Quick,easy and about as secure as you can get (assuming you're using an IPSec aware firewall).

    2) Multi-home the server so that it has a secondary network that can be used solely for communication with the webservice providers. Messy and a little tricky to configure securely.

    3) DirectAccess could be used to provide a VPN-like solution without a VPN. Bit heavyweight if you don't really have reason for external clients to have access into the network (for remote working etc). Also has a big dependency on IPv6, which can still be something of a stumbling block.

  • User profile image
    blowdart

    There's also service bus - have a service bus connection tunneling through to the secure service, then ADFS to auth it (which is what I've ended up doing for a couple of things)

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.