posted on 5:46 PM, February 20, 2008
An "extranet" is a part of a website that is not publicly accessible. To gain access to the extranet, you must first provide some authentication information (typically a login ID and password). This mechanism is used to access private areas of the website meant for members, customers, suppliers, employees and staff, and so on, but not the general public.
The advantages of an extranet are:
How to set up an extranet using ExSiteExSite Webware has a privacy setting for web pages, which can be one of:
If a regular member navigates to an administrators-only page, the same thing happens again. They will need to enter the login and password of an administrator to view the page.
If a regular member navigates to a private page in another site or section, they will again be asked for a valid login and password. Private pages are private only to members of that section. A consequence of this is that you can set up several sub-sections with completely different groups of users in each.
From the point of view of ExSite, a "member" is any person who can log in to a private part of the website. It does not necessarily imply membership in an organization, or any other affiliation with the website owners.
Member-only AreasYou may set the privacy of any page anywhere in the site. (The home page, index.html, should always be public, however.) In principle, your private pages can be scattered all over the place.
To keep things organized and easy to navigate, it is common to group private pages into a single part of the site map. This makes it easier to think of the private pages as a single "area" of the site. To do this, simply group all of your private pages under the same parent page. The parent page can be given a menu label of "Members" or "Login" to indicate that it is the entry point to a private area.
Menu PrivacyPrivate pages still appear in the automatic site menus even when you are not logged in. (Otherwise there is no way of getting to a private page in order to log in.)
Sometimes you want to keep even the menu links private until the user has logged in. To do this, group all of your private pages under the same parent page, and make that parent page also private to members. The submenu of all the private pages will not be displayed until the parent page is viewable, and the parent page will not be viewable until the user has entered their login and password.
Customized Login ScreensThe login screen that ExSite throws up when you are trying to view a private page is quite plain. You can specify a system logo in the ExSite configuration file, which will be used for a banner on the login form. If you want a fully-templated login screen, read on.
If an unknown user tries to view a private page, the system regards that as an error, and as its error message, displays a login form. Error messages are untemplated by default, but you can specify a special error template as follows:
Static pages and privacyStatic pages are published to regular files and are always visible to the public. Private pages are displayed dynamically. If you change a public, static page to private, new revisions of the page will only be viewable dynamically, and all links to the page should also change to using dynamic URLs.
However, the old published file will still be present on disk. This legacy version of the page may still be reachable from bookmarks or search engines. To avoid this, unpublish the page, which removes its disk files. After doing this, old bookmarks or search engine entries will result in a 404 (page not found) error. (To avoid the 404 error, you can add some Apache redirects from the old static URL to the new dynamic URL, but that is beyond the scope of this document.)
If you really must have a static page that is also private, then you can make use of .htaccess files to password-protect particular files or directories on your server. This is a feature of Apache, not ExSite. That means that it does not use ExSite's database of members and passwords to control access; it has its own list of usernames and passwords. Consult your Apache documentation for details.
Notes on SecurityExtranets provide an extra layer of security around sensitive areas of your site that you may want to protect from public view. It should be noted that the security provided by web connections is not very strong. It is good enough to keep out casual prying eyes, but if your data is particularly sensitive you will want to consider additional security measures as well, such as:
best practices (5)
content management (12)
data handling (7)
graphic design (21)
html formatting (7)
plug-in modules (28)
visual tutorial (29)
web protocols (9)