What is the purpose of zones in SharePoint? (web application zones or authentication zones, or what do they call them)

Each "zone" is essentially a new IIS Website, where each of the web sites points to a single Application Pool. These are also called extensions. Application pools in IIS create complete thread isolation by running separate worker processes.

Any Web application can be extended into multiple zones. Extending a Web application to additional zones allows users to access the same Web site through separate and independent URLs, each with its own Web.Config file and IIS application scope. Each zone is configured with its own load-balanced URL (protocol, host header, and port). This allows, for instance, one Web application to make use of many configurations including multiple authentication stores, caching scenarios, or custom HTTP modules.

Basically, it allows you to treat a single site differently based on what URL is used to access the site. What is important to keep in mind is the aspect of load balancing and caching.

If you have a local intranet that will have, say, 500 internal users and want to extend that site so that you allow external users, say in the thousands, then these features will allow you to separate content and load balancing to limit physical access to specific servers, use custom HTTP Modules for specific zones to create unique sign on rules based on these groups of users.


Zones represent different logical paths (URLs) of gaining access to the same Web application. You can use zones to enforce different access and policy conditions for groups of users.

Zones provide a method to partition users by:

  • Authentication type (ex: claims-based authentication, windows authentication)
  • Network zone (ex: extranet, Internet)
  • Policy permissions (ex: allow or deny read or write access)

Each Web application can have a maximum of 5 zones. The 5 possible zones are:

  • Default
  • Intranet
  • Internet
  • Custom
  • Extranet

When you create a Web application, the Default zone is created. You can then extend the Web application to create other zones.

Each zone can only be selected once per Web application. For example, you can only have one Default zone in a Web application.

Each zone is represented by a different Web site in IIS.


It allows you to have different access from different URLs with different security.

This allows you to set "Windows Authentication" for Intranet, "Form Authentication" for the extranet and "Form Authentication with allow anonymous" for the Internet.

The cache settings are also different depending on the zone. You can configure the cache to behave differently depending on which zone you are in.

So far, those are the main differences for the different zones (including 3 different public URLs available).
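A read-only audit of the per-zone settings described in the answers above, as an added example that is not part of any answer: it lists each zone of each web application with its public URL, authentication providers and anonymous-access setting. It assumes an on-premises farm and the SharePoint Management Shell; the function name `Get-ZoneAuthReport` is hypothetical, and the rule "anonymous access only on the Internet zone" is an assumed policy used for the `Review` column.

```powershell
# Added example: report what each zone of each web application exposes.
# Assumes it runs on a farm server with the SharePoint snap-in available.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-ZoneAuthReport {   # hypothetical helper name
    foreach ($wa in Get-SPWebApplication) {
        # IisSettings holds one entry per zone the web application was
        # created in (Default) or extended into (Intranet, Internet, ...).
        foreach ($zone in @($wa.IisSettings.Keys)) {
            $iis = $wa.IisSettings[$zone]

            # Claims-mode zones list their providers (Windows, Forms, ...);
            # classic-mode zones only expose the IIS authentication mode.
            if ($iis.UseClaimsAuthentication) {
                $auth = @($iis.ClaimsAuthenticationProviders |
                          ForEach-Object { $_.DisplayName }) -join ', '
            } else {
                $auth = "Classic: $($iis.AuthenticationMode)"
            }

            [pscustomobject]@{
                WebApplication = $wa.DisplayName
                Zone           = $zone
                PublicUrl      = $wa.GetResponseUri($zone).AbsoluteUri
                Authentication = $auth
                AllowAnonymous = $iis.AllowAnonymous
                # Assumed policy: anonymous access is expected only on the
                # Internet zone, so anything else is flagged for review.
                Review         = ($iis.AllowAnonymous -and $zone -ne 'Internet')
            }
        }
    }
}

Get-ZoneAuthReport | Sort-Object WebApplication, Zone | Format-Table -AutoSize
```

Rows with `Review` set to `True` are zones where anonymous access is enabled on a URL other than the Internet zone, which is worth checking against the intended design.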