Let Users that are not part of domain access secure website
sharapov
12-16-2003, 03:50 PM
I am creating a web site for the company that I work for. We have a Windows 2000 Server running with AD and Exchange 2000. Now I want to give some of the people that are not part of our company access to our web site. How can I do it? How can I set them up? I tried to set those people as contacts, but I can't set passwords on contacts, so they can use it to access the web site. I then tried to set them up as regular users, BUT since those people are not part of our company I don't want to give them our e-mail addresses. I know I can set up the user without setting him/her up on Exchange, but then again I want to be able to see that person's OWN e-mail address when I try to send him/her e-mail.
Can anybody help?
PeOfEo
12-23-2003, 02:14 PM
Why not make a login with a database, an HTTPS login maybe. Then on the top of your pages check to make sure the user is logged in and do not bother with making the directory private, or w/ password only.
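A minimal sketch of the database-backed login suggested in the post above, added here as an example and not code from any poster in this thread. External users are keyed by their own e-mail address, passwords are stored only as salted PBKDF2 hashes, and `require_login` is the check to run at the top of every protected page. The table names, function names and constants are assumptions.

```python
import hashlib, hmac, secrets, sqlite3, time

ITERATIONS = 600_000   # PBKDF2 work factor (assumed value; tune for your hardware)
SESSION_TTL = 1800     # seconds a login stays valid (assumed value)

def open_store():
    # In-memory database for the example; a real site would use a file or server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ext_users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("CREATE TABLE sessions (token_hash BLOB PRIMARY KEY, email TEXT, expires REAL)")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def add_user(db, email, password):
    # The external user's own address is the login name; no AD or Exchange account.
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO ext_users VALUES (?, ?, ?)",
               (email.lower(), salt, _hash(password, salt)))

def login(db, email, password, now=None):
    now = time.time() if now is None else now
    row = db.execute("SELECT salt, pw_hash FROM ext_users WHERE email = ?",
                     (email.lower(),)).fetchone()
    # Hash even for unknown accounts so timing does not reveal which e-mails exist.
    salt, stored = row if row else (b"\0" * 16, b"")
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    token = secrets.token_urlsafe(32)
    # Store only a hash of the token, so a leaked table cannot be replayed as cookies.
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (hashlib.sha256(token.encode()).digest(), email.lower(), now + SESSION_TTL))
    return token  # send only over HTTPS, in a Secure, HttpOnly cookie

def require_login(db, token, now=None):
    """Call at the top of every protected page; returns the user's e-mail or None."""
    now = time.time() if now is None else now
    if not token:
        return None
    row = db.execute("SELECT email, expires FROM sessions WHERE token_hash = ?",
                     (hashlib.sha256(token.encode()).digest(),)).fetchone()
    return row[0] if row and row[1] > now else None
```

A page handler that gets `None` back from `require_login` should redirect to the login form instead of rendering anything.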
ray326
12-23-2003, 07:28 PM
Basically you're on the horns of the Microsoft dilemma. It's so easy to use unless you need to do something that commonly needs to be done in a big company.
You *should* be able to put the external folks into Exchange AND into a special AD group and manipulate the rights of that group and the rights of your internal users' group to allow the kind of access you require. I.e., group Ext is authenticated for the web app but they cannot see anything about group Int. Group Int is authenticated for the web app and they can see everyone. Actually you probably want a user in group Ext to be unable to see ANYTHING in Exchange except his own information.
PeOfEo
12-23-2003, 09:14 PM
Well I have not used advanced or exchange enough to be of much help. I have only done permissions and stuff on IIS 5 and 6 :( But I am a database junkie....
ray326
12-24-2003, 12:46 AM
I like using a database for additional user info, too, but our security folks insist (and I agree) that the authentication be done by the web server itself before any request gets passed to an app. Actually they have a further stipulation that the authentication mechanism must not be the underlying OS security. Needless to say, we don't put Windows/IIS boxes on the Internet.
Of course the back end of an LDAP server like AD or OpenLDAP or IBM SecureWay is some kind of database and you can store all kinds of additional user info in there. It sure is a lot easier doing SQL than LDAP, though. 8-)
PeOfEo
12-24-2003, 01:51 AM
You're using ASP, but not IIS? IIS6 is pretty secure.
ray326
12-24-2003, 12:37 PM
For stuff visible to the world we either push the data out to the DMZ and use CGI in Perl or we use Websphere with the web server in the DMZ and the app server inside. IIS6 and Win2003 are a little better (mainly because of default setup stuff) but nothing is really secure running on top of Microsoft's TCP/IP stack because they seem to have no security-related coding standards. We use ASP for intranet apps.
PeOfEo
12-25-2003, 01:53 AM
Well I have not had problems w/ it. It is all in the way the server admin has it all set up, I think. I mean if you have things like write access in your root dir, you are screwed. But I have not heard of any major security holes, maybe I have not looked hard enough. I am running it through a DMZ as well.