Windows Server TechCenter >
Windows Server Forums
>
Terminal Services
>
TS Web Access / RemoteApp Pass-Through Authentication
TS Web Access / RemoteApp Pass-Through Authentication
- Hi Everyone,
Here's what I have: two servers, one a terminal server, the other hosting TS Web Access and TS Gateway, both in a domain network. By default, I have TS Web Access configured for windows authentication. When I access TS Web Access from home, I am prompted for a domain authentication to access the list of applications, and then prompted again for the same credentials when I connect to an application.
Here's what I would like: single sign-on through web access to the application or remote desktop. I'm already authentication, I would imagine this wouldn't be too difficult. I realize I could disable Windows authentication on the website, but then that would publish my application list to the world, which although still somewhat secure, is less than ideal.
Is this a possiblity? I am not using an ISA server, and I am aware that Microsoft doesn't support a form-based authentication out of the box (but it would have been nice). I have seen techstur.com's form-based non-ISA pages, which look nice, but I still don't think that solves my single sign-on possiblity. All comment welcome, thanks!
Grant
All Replies
- Try these links:
You can learn more about Single-sign on here (you will need to use the RDC6.1 client on XPSP3 or Vista SP1):
http://blogs.msdn.com/ts/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx to enable SSO
Also, post here describes how to get single credential prompt between TS and TSG:
http://blogs.msdn.com/ts/archive/2007/05/04/single-credential-prompt-for-ts-gateway-server-and-terminal-server.aspx
- Thanks, those are helpful. I've reviewed them before.
The first article only applies to domain computers, unfortunately. I'm specifically referencing systems that are simply a user's personal home PC.
The second article I have applied, but this only brings me down from 3 logins to 2.
I'm trying to accomplish passing the credentials I supply to access the TS Web Access website to the published RemoteApps, instead of having to authenticate an additional time. Another solution would be to issue published MSI or RDP files to the users, but again, the ideal solution is as I have described. - Hi,
we face this problem also. And I guess the default TS Web Access just doesn't support it.
With own page, you can figure out way to capture the website login username and password and pass it to the MSRDP ActiveX component.
Here is the code part, which assign the user identity:MsRdpClient.TransportSettings2.GatewayDomain= "DOMAIN" MsRdpClient.TransportSettings2.GatewayUsername= "user" MsRdpClient.TransportSettings2.GatewayPassword= "pass" MsRdpClient.AdvancedSettings.ClearTextPassword= "Password" MsRdpClient.UserName = "User"
The TS WebAccess web page works with the new Interface property MsRdpClient.MsRdpClientShell.RdpFileContents.
With this, I still haven't found the attribute to set the gateway login. - Im triing to use your solution in RD WEB SERVICE of Windows 2008 R2... Which file i need to modify to use your solution?
Any help is a help...
