Sign in
 
HomeProductsLibraryLearnDownloadsSupportForums
Microsoft Forefront TechCenter >
Silverlight doesn't work with TMG Clients

Answered Silverlight doesn't work with TMG Clients

  • Wednesday, December 12, 2012 2:53 PM
     
     
    Sign In to Vote
    0

    We're having some problems, or challenges if you will, with regards to getting Silverlight to work with TMG FW Clients.

    We're configured with TMG 2010 (Standard with latest service pack), and Forefront TMG Clients (WinXP and Win7) ver. 7.0.7734.100

    We have integrated authentication enabled for the web proxy configuration, but we don't require all users to authenticate.

    No other authentication settings are enabled, such as Radius, SSL, Basic, etc.

    We have several outsourced websites where the vendor uses DotNet with Silverlight to stream video's used 'heavily' within our organization.

    From what I understand, Silverlight does not support the authentication method with a web proxy configuration.

    Is there a way, to configure a firewall or web access rule to allow users access to specific websites or domain categories while not using the authentication?

    I'm having a hard time discovering a solution where we avoid disabling the authentication rules, or avoid changing the web proxy configuration settings in the browser, to allow the silverlight application to run. Any help or direction would be greatly appreciated.

    Thanks

     

All Replies

  • Wednesday, December 12, 2012 3:28 PM
     
     
    Sign In to Vote
    0

    Hi,

    Create a web rule with From "all internal" To "Web server (Can be URL or public ip) and then All users. This will not require authentication when the traffic is matched.

    Place this rule at the top of all rules. And should be the first one to match.

    Regards, Rmknight

     
  • Wednesday, December 12, 2012 4:19 PM
     
     
    Sign In to Vote
    0

    Hi RM,

    Thank you for your reply. Unfortunately we've attempted that route, with the following;

    Web Access Policy, configured with a defined 'Allowed Anonymous Rule', this rule is configured to allow HTTP, HTTPS, Custom (8080), From All Networks (and local host), to URL Sets (Allowed Anon URL), and Domain Sets (Allowed Anon Domain), for all users and anonymous accounts.

    We've been using this rule to accomodate for the ANONYMOUS\ client usernames which need access through proxy forwarding, VSoapClients, etc.

    We don't have a Firewall Access Policy, which I'm not sure if that's where the rule needs to be placed.

    I've attempted to write a Firewall Access Policy, where the action to allow traffic from All Networks (and Local Host), to Custom Domain and URL Sets as well as Network Sets by IP, conditioned by All Users. This attempt was a failed attempt as well.
    It almost seems to me, that a System Policy or Web / Application filter for authentication would be the solution, but I'm not sure that any other Authentication filter, such as forms based, is available for this particular problem.

    Any other suggestions? My next step is to simply open a ticket with Microsoft Support.

    Thanks,


    • Edited by FPTHREE Wednesday, December 12, 2012 4:25 PM
    •  
     
  • Friday, December 14, 2012 8:40 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Hi,

    Thank you for the post.

    Just as you said, Silverlight does not support proxy auth, you have to create an anonymous rule allowed users access sites using Silverlight

    Regards,

    Nick Gu - MSFT