Hello,

I'm trying to understand how does search security trimming works in an extranet environment. We're planning to lay down our plan to build a sharepoint 2013 extranet environment. Authentication would be through be claims FBA (corporate LDAP). The web application would be extended over claims NTLM to support the crawl component.

Primary users would be external customers logging in (FBA) and searching for documents. Requirement is to show them documents to which they have access to.

My doubt is, since we are crawling over NTLM, the ACL information that's stored would have only the windows ACL information, or even the FBA ACL as well?

Will a customer logging in using FBA, get to see security trimmed results automatically, or extra work needed?

Any article, or lead would help.

T

so within SharePoint, security is first applied when a site collection is created. The security that it is first given, is based on the auth model. If the auth model is FBA, the default security will use FBA. If the auth model is claims, the default security will use claims.

When you extend a webapp, by default the new auth model won't have ANY permissions. you'll need to add them (by connecting to the original webapp with the original auth, and then adding FBA users/groups).

As it relates to search, when the content is indexed, all of the ACLs are considered... but they need to exist.

If there are no ACLs using FBA, then they won't be able to log in, and search results won't show anything (since they'd all be trimmed out)