Advanced Extranet Support

Microsoft Windows SharePoint Services 2.0 Service Pack 2 provides an object model for creating and managing incoming and outgoing URLs in cases in which a reverse proxy server must be implemented between the client computer and the Web server running Windows SharePoint Services. An incoming URL is the URL of a request when it reaches the Web server running Windows SharePoint Services. Windows SharePoint Services determines this URL by examining the application layer protocol (HTTP or HTTPS), the Host header in the HTTP packet, and the destination port of the TCP packet. An outgoing URL is the base absolute URL that Windows SharePoint Services uses in the links it generates on the pages that it returns to the user.

A reverse proxy configuration may be required, for instance, when the same SharePoint site must face both internally within a corporation or organization, and externally to an extranet or the Internet. In such a case, two virtual servers share the same content, with the reverse proxy applying to only the externally facing server. The internally facing server is directly accessible by HTTP; the externally facing server can be reached only by a Secure Sockets Layer (SSL) request to the reverse proxy server.

Advanced extranet support addresses the following reverse proxy configurations:

• SSL Termination — The user accesses a SharePoint site by specifying https as the protocol in the URL. A reverse proxy server receives the SSL request, converts it into an HTTP request (http), and forwards the converted request to the server running Windows SharePoint Services.
• Host Header Modification — An application that generates a Web request includes a header in the request called the host header. The HTTP host header identifies the host that the user entered in the URL. In this configuration, the user accesses a SharePoint site using a URL such as http://www.example.com, where the host is www.example.com. A reverse proxy server receives the request, changes the host header to the internal name of the server running Windows SharePoint Services, such as sharepoint.internal.example.com, and then forwards the request to this server.
• Port Translation — The user accesses a SharePoint site using a particular port number, such as 80 for HTTP requests. A reverse proxy server receives the request and forwards it to the server running Windows SharePoint Services on a different port, such as 1234.

In each of these cases, the reverse proxy server modifies the original request URL to become a different URL. Prior to Service Pack 2 and advanced extranet support, Windows SharePoint Services assumed that the incoming URL it received was the original request URL. It used that incoming URL as the absolute URL in the links it generated on the pages that it returned to the user, which would be the wrong URL for the user. Advanced extranet support makes it possible for Windows SharePoint Services to use a different protocol, host name, and port number in the links it generates on the pages that it returns to the user.

A reverse proxy server receives a request for a particular URL from the client computer; the proxy server then remaps the request to a different URL for the Web server running SharePoint. For example, the proxy server may receive a request such as https://www.example.com/sites/Site/default.aspx but forward the request to the Web server as http://nn.nn.nnn.nn/sites/Site/default.aspx. With the advanced extranet support, Windows SharePoint Services can be customized to return the same original URL base (for example, https://www.example.com) in all links on its pages.

Note  Advanced extranet support applies only to content virtual servers and not to the SharePoint Central Admininistration Web site or virtual server. This support is available only when Windows SharePoint Services Service Pack 2 is deployed in nonscalable hosting mode.

Windows SharePoint Services examines the packets it receives from the proxy server and isolates the protocol, host name, and port number parts of the request or incoming URL. SharePoint then uses two tables to determine the correct base of the URL to return: one table maps each incoming URL to a particular zone, and the other table maps each zone to a particular outgoing URL. Windows SharePoint Services rewrites the URLs shown on its pages using the outgoing base URL that it finds through the tables.

Zones map incoming URLs that Windows SharePoint Services receives from the proxy server to outgoing URLs that it uses in the links it generates on the pages it returns to the user. Five zones per virtual server represent the various ways of accessing a SharePoint site: Intranet, Internet, Extranet, Custom, and Default. Although each zone can have any number of incoming URLs, each zone can have only one outgoing URL.

When Service Pack 2 is installed, the following types of the Microsoft.SharePoint.Administration namespace provide ways to create and manage alternate request URLs on a virtual server:

• SPAlternateUrl
• SPAlternateUrlCollection
• SPUrlZone

In addition, the following properties have been added to the SPVirtualServerConfig class:

• AlternateUrls
• CustomZoneOutgoingUrl
• DefaultZoneOutgoingUrl
• ExtranetZoneOutgoingUrl
• InternetZoneOutgoingUrl
• IntranetZoneOutgoingUrl

The AlternateServerUrlFromHttpRequestUrl method of the SPUtility class returns the outgoing URL associated with a specified incoming URL.

For more information on using reverse proxy servers with Windows SharePoint Services, see Reverse Proxy Configurations for Windows SharePoint Services and Internet Security and Acceleration Server.