Thanks in advance for your help.
In my environment, I configured IIS to act as a reverse proxy and forward requests to certain paths to an application server on another host. To do this, I used the Application Request Routing (ARR) and URL Rewrite modules; I created my rule and everything's working fine.
IIS is responsible for authenticating clients using NTLM, so my question is: is it possible to pass the authentication credentials (at least the username) to my application server after authenticating the user?
I tried to do this by adding a custom header to my requests, writing a rule like this:
<rule name="ForwardToApplicationServer">
  <match url=".*" />
  <serverVariables>
    <set name="HTTP_AUTH_USER" value="{AUTH_USER}" />
  </serverVariables>
  <action type="Rewrite" url="http://myappserver/myapp/{R:0}" logRewrittenUrl="true" />
</rule>
But it doesn't work: when I read it on my application my header is always empty. I also tried with and but none of these worked.
So, what am I doing wrong? Should I use another server variable? Am I missing something?
More in general: is it possible to do what I'd like to do?
Again, thanks in advance for your help, and please forgive me if I'm asking something obvious, but I'm new to using IIS and I couldn't find anything that helped me.
NTLM Authentication Process
The client passes a plain text version of the username to the relevant server. The server replies to the client with a challenge, which is a 16-byte random number. In response, the client sends the challenge encrypted by the hash of the user's password.
On the IIS Manager application, access your website and select the directory that you want to protect. On the right part of the screen, access the option named: Authentication. Disable the Anonymous authentication on the selected directory. Enable the Windows authentication on the selected directory.
Application Request Routing (ARR) is a Microsoft Internet Information Services (IIS) feature that you can use to enable SnapCenter load balancing across multiple servers with a user interface. Network Load Balancing (NLB) is a Microsoft feature that SnapCenter uses to provide server high availability.
http://weblogs.asp.net/owscott/an-intro-to-iis-url-rewrite-plus-redirecting-urls-to-www-web-pro-week-8-of-52
{REMOTE_USER}, {LOGON_USER} & {AUTH_USER} do not work with URL-REWRITE, ...
You can use www.isapirewrite.com, which runs later in the stack and has a handle on the auth data.
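However the proxy ends up setting the username header, the application server is the side that decides whether to believe it. The following WSGI middleware is an added example, not code from this thread: it accepts the identity header only when the TCP peer is the reverse proxy and treats an empty value (the symptom described in the question) as unauthenticated. The Python backend, the proxy address 10.0.0.5, the `Auth-User` header name and all function names are assumptions.

```python
import ipaddress

# Assumed values, not from the thread: proxy address and header name.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]
IDENTITY_KEY = "HTTP_AUTH_USER"  # WSGI key for an Auth-User request header


def peer_is_proxy(remote_addr):
    """True only if the TCP peer is a configured reverse proxy."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def parse_identity(raw):
    """Split 'DOMAIN\\user' into (domain, user); None if empty or malformed."""
    raw = (raw or "").strip()
    if not raw or any(ord(c) < 0x20 for c in raw):
        return None
    domain, sep, user = raw.rpartition("\\")
    return (domain, user) if user and (domain or not sep) else None


class ProxyIdentityMiddleware:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        raw = environ.pop(IDENTITY_KEY, None)  # raw header never reaches the app
        environ.pop("REMOTE_USER", None)
        trusted = peer_is_proxy(environ.get("REMOTE_ADDR", ""))
        identity = parse_identity(raw) if trusted else None
        if identity is None:  # forged, missing, or empty (the thread's symptom)
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"no trusted identity"]
        environ["auth.domain"], environ["REMOTE_USER"] = identity
        return self.app(environ, start_response)


def handle(remote_addr, header_value):
    """Run one constructed request through the middleware; return (status, body)."""
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [environ["REMOTE_USER"].encode()]
    environ = {"REMOTE_ADDR": remote_addr, IDENTITY_KEY: header_value}
    seen = []
    body = ProxyIdentityMiddleware(app)(environ, lambda s, h: seen.append(s))
    return seen[0], b"".join(body)
```

The address check only means something if the application server is reachable solely through the proxy, or if the proxy address cannot be spoofed on that network segment.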