Hey all.. working on a new architecture for an app. The site will have both an Intranet site (larger portion of the app) and an Internet site (smaller, minimal functionality, but common pages with the intranet app). I am trying to decide on what the best architecture would be for such an app as the intranet site is the main site and the internet app has a subset of the intranet's functionality, therefore, it is possible to just filter out functionality based on the user that is connecting to the application... but that may be a security risk..

Here are the designs I am thinking of:
#1 - 2 different sites, since the public site would need to be hosted from a public web server outside the DMZ, you definitely don't want the intranet site on that server outside the DMZ... But this has 2 options:
#1a - develop 2 different sites, placed on different servers
#1b - use the same site for each server, just limit the functionality of the site that is outside the DMZ (the internet app)

#2 - Just hosting the internet and intranet site on the same box, outside the DMZ using 1 app. The security we are looking at would be form-based authentication, certain users could be declared as internal or external.. (Heck, with that, all users may as well hit the site from the Internet, no need for the intranet site since both would be form-based login... they don't want to take advantage of NTLM)

Any ideas?
-MCD