My question is a bit tricky to explain :)
We have ASP.NET websites running on Windows Server 2012. Some websites use SqlServer authentication, others use Windows authentication, some don't have any kind of authentication at all (or static HTML pages) etc.
We don't want our websites to be public (indexable by Google, available to anyone who knows the URL, etc.), but we don't want to use VPN either.
When the user comes to www.ourdomain.com, he should get a login prompt where he needs to enter his AD (Active Directory) username / password, and if authentication was successful, he can proceed to our website.
We don't want to set up authentication on the IIS / application level, it should be on the server level (firewall, proxy?).
We've had this setup in the previous company, but I don't know which technique they used. It had nothing to do with IIS, and the users outside the company were prompted to login in using their AD account.
Any help would be greatly appreciated!
