What are some best practice approaches to ensure security but host IIS web applications "outside" the DMZ? Some sub-questions I could ask to help clarify:
a) Are there valid approaches to achieve the above that would get the security tick? (or is it a set in stone security concept that your IIS app server needs to be inside the DMZ, and can then send database requests through to the inside network where the DB resides)
b) What components/system/approaches would you then need to run in the DMZ to achieve security?
c) I assume basic passthrough from DMZ to app server inside the network via use of Proxy Servers alone would not be recommended?
d) Perhaps set up of a web-server (not the IIS app server running the .net apps though) in the DMZ (apache or IIS) with some sort of security plugin to do pass through. Not sure what would happen re HTTPS connections here however whereever these can pass these through.
e) Any links to publications/pages that address like "options to deploy your internet facing IIS hosted .net applications" would be apprecaited.