Friday, February 01, 2013 11:50 PM
Here is what I'm trying to do. I have a site on my internal II 7.0 web server that I want to publish. I have no problem doing that, and have published a couple of sites with my TMG server with no issues. But for this new site I want to publish I want to require users to enter an ID and password in order to be able to connect to this site. I have setup a user account on the web server and in the IIS config for the site turned off anonymous access and specified the local user account I created as having read access to the site. This all works great when I test the site internally. When I connect to the site I get prompted for the account information and that's what I want.
But I'm running into problems when I try and publish the site using my TMG server. I'm guessing that the problem is related to the HTTP listener and the authentication options I'm using. I don't want to use AD to authenticate because I don't want to use a domain account for this login, but rather use the local account I created on the web server. The problem is I can't seem to connect to the published site unless I create a domain account and give it read access on the IIS server where my site is. Also, I get to login prompts when I connect to the site using this configuration.
Any ideas about what I'm doing wrong?
Monday, February 04, 2013 11:21 AM
am I right, that you want to directly authenticate with the IIS without a "preauthentication" on TMG?
If yes, please use the follwing Settings:
On the Web Listener Authentication Setting choose "No Authentication"
On the "Authentication Delegation" Tab of the Firewall rule select "No Delegation, but Client may authenticate directly"
With this Setting the Client have to authenticate directly with the Website and you don't have to use Domain Accounts.
SecureGUARD GmbH ( http://www.secureguard.at )
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Friday, February 08, 2013 2:20 AM
- Marked As Answer by Nick Palmer Friday, February 08, 2013 4:43 PM
Friday, February 08, 2013 4:44 PM
Your recommendations worked great.