Sign in
 
HomeProductsLibraryLearnDownloadsSupportForums
Microsoft Forefront TechCenter >
How do I publish an internal web site and require authencation to use that site?

Answered How do I publish an internal web site and require authencation to use that site?

  • Friday, February 01, 2013 11:50 PM
     
     
    Sign In to Vote
    0

    Hi,

    Here is what I'm trying to do. I have a site on my internal II 7.0 web server that I want to publish.  I have no problem doing that, and have published a couple of sites with my TMG server with no issues. But for this new site I want to publish I want to require users to enter an ID and password in order to be able to connect to this site.  I have setup a user account on the web server and in the IIS config for the site turned off anonymous access and specified the local user account I created as having read access to the site.  This all works great when I test the site internally. When I connect to the site I get prompted for the account information and that's what I want.

    But I'm running into problems when I try and publish the site using my TMG server.  I'm guessing that the problem is related to the HTTP listener and the authentication options I'm using.  I don't want to use AD to authenticate because I don't want to use a domain account for this login, but rather use the local account I created on the web server.  The problem is I can't seem to connect to the published site unless I create a domain account and give it read access on the IIS server where my site is. Also, I get to login prompts when I connect to the site using this configuration. 

    Any ideas about what I'm doing wrong?

    Thanks,

    Nick

     

All Replies

  • Monday, February 04, 2013 11:21 AM
     
     Answered
    Sign In to Vote
    0

    Hi Nick,

    am I right, that you want to directly authenticate with the IIS without a "preauthentication" on TMG?

    If yes, please use the follwing Settings:

    On the Web Listener Authentication Setting choose "No Authentication"

    On the "Authentication Delegation" Tab of the Firewall rule select "No Delegation, but Client may authenticate directly"

    With this Setting the Client have to authenticate directly with the Website and you don't have to use Domain Accounts.

    Best regards,

    Markus

    SecureGUARD GmbH ( http://www.secureguard.at )

     
  • Friday, February 08, 2013 4:44 PM
     
     
    Sign In to Vote
    0

    Hi Markus,

    Your recommendations worked great.

    Thanks,

    Nick