The Hybrid Provider allows SharePoint sites to simultaneously authenticate SQL and AD users. This is different from extending web apps and creating multiple zones. The aforementioned "supported" method to dual authentication requires managing multiple web apps and doesn't allow
There are a few bullets to mention here before you implement the Hybrid Provider:
- Version 3.0 has been released! Please review the documentation in the "Releases" tab for links to articles about the new installer and features.
- SharePoint 2007 Service Pack 1 is required for the Hybrid Profiler.
- Back up every web.config file you can find. Seriously. Custom membership providers add a lot to web.config files, so back them up, put them on your FOB, and lock the FOB in your sock drawer.
- Run this on your SharePoint server, logged in as your SharePoint "System Account." Some beefy permissions are needed here to talk to SharePoint Central Admin, AD, and SQL. Ideally, this will be installed with the same credentials as the account running your SharePoint IIS app pools.
- The installer was written in WPF, so you'll need .NET 3.0 on your SharePoint server (which you should already have, since WSS 3.0 takes a dependency on WF).
- The assumption is made Actice Directory is already in place. So make sure you have your AD connection string (LDAP://probablly your domain name.something). Also, make sure the ASPNET SQL database has been provisioned. If it's not, you can do so from the installer.
- An IISRESET will be executed automatically at the end of the installation.
- Version 3.0 adds the "Hybrid Roller" to authenticate both AD and SQL groups.
- All users will read at least Read access to the root web of your site collection for the Hybrid Profiler's UserInfo.aspx page.
- This has been tested on Windows Server 2003 / IIS 6 and Windows Server 2008 / IIS 7. And, yes, it worked on both. :)
- Check out my blog for technical details about how it all works.
- For production environments, each SQL user will need a SharePoint CAL.