Locked TMG form authentication for selected paths only

  • Monday, July 12, 2010 2:33 PM
     
     

    I'd like to publish a web application through TMG.  There is a public and a private area on the site, distinguished only by path (i.e. http://site/public and http://site/private).  So far I've been unsuccessful at having TMG allow anonymous unauthenticated users to the public path.  Is this even possible?  Any creative solutions anyone would like to share?

    Thanks, Dan

All Replies

  • Monday, July 12, 2010 3:00 PM
     
     

    It's possible by making two publishing rules (one for each path).

    If you want more information about that don't hesitate.

  • Monday, July 12, 2010 4:48 PM
     
     

    I tried that approach without any luck.. does it matter that I'm trying to use TMG form based authentication?  It seems like the authentication configuration is assigned to the listener rather than the publishing rule.. so the challenge has been how to do this without utilizing an additional hostname and/or port.

  • Monday, July 12, 2010 8:18 PM
     
     
    From my understanding of the web proxy hooks: the FBA is triggered immediately, way before the request is processed far enough to choose which rule will be applied.  I don't know why they chose to implement it this way, but the result is that it wouldn't be possible to "wait" until the rule is selected before deciding to send the user to the form auth page.  All users to that listener would get it all the time.

    I don't work for MS, this is just my own understanding.  Please feel free to correct, anyone who may know better.

  • Monday, July 12, 2010 8:36 PM
     
     

    f3rrix, thanks for your reply.. unfortunately that was the same conclusion I was coming to through testing on my own server.  I'm not too optimistic about it, but still hoping someone has come up with a creative workaround they can share. 

  • Wednesday, July 14, 2010 5:28 AM
    Moderator
     
     Answered

    Hi,

     

    Thank you for the post.

     

    Just like Lionel said, it requires two publish rules with each path in the PATHS Tab: one anonymous for http://site/public and one authenticated for http://site/private. And they cannot share a common listener.

     

    Regards,


    Nick Gu - MSFT