What is the purpose of zones in SharePoint? (web application zones or authentication zones or how do they call it)

StackOverflow https://stackoverflow.com/questions/232983


I can't understand the concept and, first of all, where it belongs. Is it solely a SharePoint concept or more general, like at the ASP.NET or IIS level? Does it only affect authentication and if so how does it affect it? Or what effect does it have on an application? I know it is a broad question, but I've googled for about 15 minutes and haven't been able to find the answer. And it is kind of not so critical for me now but I'm curious.

Can you please give a link to a resource with an explanation of this? Thanks!

@Edit: I mean zones like in Authentication Provider : Forms Zone : Intranet (Internet, Default)

@Edit: From what I've understood by now the zones have to do with the association of IIS web applications with SharePoint web applications, and with site collections for that matter. So for example you can extend a web application creating a new IIS web application but from SharePoint's point of view it is just another URL pointing to the same web application with the same set of site collections. And the extension IIS web application can have a different SharePoint zone associated with it (or they can be the same zone), providing a way to use different authentication methods for different access points of the same SharePoint application.

Am I right here?



Each "zone" is essentially a new IIS Website, where each of the web sites points to a single Application Pool. These are also called extensions. Application pools in IIS create complete thread isolation by running separate worker processes.

Any Web application can be extended into multiple zones. Extending a Web application to additional zones allows users to access the same Web site through separate and independent URLs, each with its own Web.Config file and IIS application scope. Each zone is configured with its own load-balanced URL (protocol, host header, and port). This allows, for instance, one Web application to make use of many configurations including multiple authentication stores, caching scenarios, or custom HTTP modules.

Basically it allows you to treat a single site differently based on what URL is used to access the site. What is important to keep in mind is the aspect of Load Balancing, caching.

If you have a local intranet that will have, say, 500 internal users and want to extend that site so that you allow external users, say in the thousands, then these features will allow you to separate content and load balancing to limit physical access to specific servers, use custom HTTP Modules for specific zones to create unique sign on rules based on these groups of users.


Zones represent different logical paths (URLs) of gaining access to the same Web application. You can use zones to enforce different access and policy conditions for groups of users.

Zones provide a method to partition users by:

  • Authentication type (ex: claims-based authentication, windows authentication)
  • Network zone (ex: extranet, Internet)
  • Policy permissions (ex: allow or deny read or write access)

Each Web application can have a maximum of 5 zones. The 5 possible zones are:

  • Default
  • Intranet
  • Internet
  • Custom
  • Extranet

When you create a Web application, the Default zone is created. You can then extend the Web application to create other zones.

Each zone can only be selected once per Web application. For example, you can only have one Default zone in a Web application.

Each zone is represented by a different Web site in IIS.

It allows you to have different access from different URLs with different security.

This allows you to set "Windows Authentication" for Intranet, "Form Authentication" for the extranet and "Form Authentication with allow anonymous" for the Internet.

The cache settings are also different depending on the zone. You can configure the cache to behave differently depending on which zone you are in.

So far, those are the main differences for the different zones (including 3 different public URLs available).

For a Better Understanding,

A zone is a way to map multiple Web application configuration settings to a single set of content databases.

For example, you can create a Web application, create a content database, and then configure the database to use Windows authentication.

All of these settings are configured for the Default zone for the Web application. You can then extend the Web application and map it to a new zone. When you do that, you select a zone to map to, such as Intranet, Internet, Custom, or Extranet.

When you configure the second zone, you select an existing or new Internet Information Services (IIS) virtual server and a new load-balanced URL, and determine whether to use NTLM or Kerberos authentication. You can change the authentication provider, for example, to forms authentication, after the new zone is created.
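To see how the zones described in the answers above are configured on a farm, the following audit lists every zone of every web application with its public URL, IIS site, authentication and anonymous-access setting. It is an added example, not part of the original question or answers; it assumes the SharePoint Management Shell on a farm server, run as a farm administrator, and the report column names are chosen for this example.

```powershell
# Added example (not from the original answers): per-zone authentication audit.
# Assumes the SharePoint Management Shell on a farm server, run as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$report = foreach ($wa in Get-SPWebApplication) {
    # IisSettings is keyed by zone; only zones the web application was created in
    # or extended to have an entry (Default, Intranet, Internet, Custom, Extranet).
    foreach ($zone in $wa.IisSettings.Keys) {
        $iis = $wa.IisSettings[$zone]
        $url = $wa.GetResponseUri($zone)   # public URL registered for this zone

        if ($iis.UseClaimsAuthentication) {
            # Claims mode: a zone can carry several providers (Windows, forms, trusted).
            $auth = ($iis.ClaimsAuthenticationProviders |
                     ForEach-Object { $_.DisplayName }) -join ', '
        } else {
            $auth = "Classic: $($iis.AuthenticationMode)"
        }

        New-Object PSObject -Property @{
            WebApplication = $wa.DisplayName
            Zone           = $zone
            PublicUrl      = $url.AbsoluteUri
            IisSite        = $iis.ServerComment
            Authentication = $auth
            AllowAnonymous = $iis.AllowAnonymous
            Tls            = ($url.Scheme -eq 'https')
        }
    }
}

# Full picture: one row per zone, i.e. per IIS web site.
$report | Sort-Object WebApplication, Zone |
    Format-Table WebApplication, Zone, PublicUrl, IisSite, Authentication, AllowAnonymous, Tls -AutoSize

# Zones worth a second look: anonymous access enabled, or a public URL without TLS.
$report | Where-Object { $_.AllowAnonymous -or -not $_.Tls } |
    Format-Table WebApplication, Zone, PublicUrl, Authentication -AutoSize
```

Because every zone serves the same content databases, the zone with the weakest authentication and transport settings determines how exposed that content is.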

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow