Wednesday, December 12, 2012 2:53 PM
We're having some problems, or challenges if you will, with regards to getting Silverlight to work with TMG FW Clients.
We're configured with TMG 2010 (Standard with latest service pack), and Forefront TMG Clients (WinXP and Win7) ver. 7.0.7734.100
We have integrated authentication enabled for the web proxy configuration, but we don't require all users to authenticate.
No other authentication settings are enabled, such as Radius, SSL, Basic, etc.
We have several outsourced websites where the vendor uses DotNet with Silverlight to stream video's used 'heavily' within our organization.
From what I understand, Silverlight does not support the authentication method with a web proxy configuration.
Is there a way, to configure a firewall or web access rule to allow users access to specific websites or domain categories while not using the authentication?
I'm having a hard time discovering a solution where we avoid disabling the authentication rules, or avoid changing the web proxy configuration settings in the browser, to allow the silverlight application to run. Any help or direction would be greatly appreciated.
Wednesday, December 12, 2012 3:28 PM
Create a web rule with From "all internal" To "Web server (Can be URL or public ip) and then All users. This will not require authentication when the traffic is matched.
Place this rule at the top of all rules. And should be the first one to match.
Wednesday, December 12, 2012 4:19 PM
Thank you for your reply. Unfortunately we've attempted that route, with the following;
Web Access Policy, configured with a defined 'Allowed Anonymous Rule', this rule is configured to allow HTTP, HTTPS, Custom (8080), From All Networks (and local host), to URL Sets (Allowed Anon URL), and Domain Sets (Allowed Anon Domain), for all users and anonymous accounts.
We've been using this rule to accomodate for the ANONYMOUS\ client usernames which need access through proxy forwarding, VSoapClients, etc.
We don't have a Firewall Access Policy, which I'm not sure if that's where the rule needs to be placed.
I've attempted to write a Firewall Access Policy, where the action to allow traffic from All Networks (and Local Host), to Custom Domain and URL Sets as well as Network Sets by IP, conditioned by All Users. This attempt was a failed attempt as well.
It almost seems to me, that a System Policy or Web / Application filter for authentication would be the solution, but I'm not sure that any other Authentication filter, such as forms based, is available for this particular problem.
Any other suggestions? My next step is to simply open a ticket with Microsoft Support.
- Edited by FPTHREE Wednesday, December 12, 2012 4:25 PM
Friday, December 14, 2012 8:40 AMModerator
Thank you for the post.
Just as you said, Silverlight does not support proxy auth, you have to create an anonymous rule allowed users access sites using Silverlight
Nick Gu - MSFT
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Monday, December 17, 2012 8:10 AM
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Wednesday, December 19, 2012 2:16 PM