My goal is to extend my main production site from an unconventional port (i.e., not 80) to a site in the cloud with host headers on port 80 where I'll allow anonymous access. I may allow (or require) FBA access on port 80 at some point, and past experience has taught that having Windows-authenticated (this will be on the unconventional port) access available instead of relying solely on FBA can save many headaches. As I write this, everything is still on a dev virtual machine, and using unconventional ports is all I do as it is easier than modifying the hosts file or setting up actual domains. When I promote this to a production machine, I'll follow these steps again.
Extend the web site:
- Central Admin > Application Management > SharePoint Web Application Management – Create or Extend Web Application > Extend an existing Web Application
- Choose the appropriate web app, port, description, host header (optional)
- Set "Allow Anonymous" Yes radio button
- Set Zone to Internet
Set the Intranet zone for the web site extension to anonymous (if you skipped set to anonymous when extending the web site)
- Central Admin > Application Management > Application Security – Authentication Providers > Internet
- Leave the Authentication Type as Windows for now
- Set the enable anonymous access check box
Set the extended internet site to Anonymous Access
- For the most part, this allows mostly read-only access content on the site, and prohibits access to configuration pages. However, the Enhanced Blog Edition may immediately publish anonymous blog post comments (this happened to me, and hopefully I'll figure out what happened), and may open up other undesired holes.
- Once you set a site to Anonymous access, it is not intuitive how to undo this action.
- From the internet site (not Central Admin, and not the default site), log in, navigate to Site Settings > Users and Permissions – Advanced Permissions > Settings > Anonymous Access > Entire Web site
Configuring Anonymous Access for Web Applications & Sites has a different approach (just making an existing site anonymous instead of extending the site). It also has some detailed screen shots and details on how to alter the anonymous access rights.