Forwarding NTLM credentials from IIS with ARR and URL Rewrite

Question

Thanks in advance for your help.

In my environment, I configured IIS to act as a reverse proxy and forward requests to certain paths to an application server on another host. In order to do this, I used Application Request Routing (ARR) and URL Rewrite modules, I create my rule and everything's working fine.

IIS is responsible to authenticate clients using NTLM, so my question is: is it possible to pass the authentication credentials (at least the username) to my application server after authenticating the user?

I tried to do this adding a custom header to my requests, writing a rule like this:

<rule name="ForwardToApplicationServer">
<match url=".*" />
<serverVariables>
<set name="HTTP_AUTH_USER" value="{AUTH_USER}" />
</serverVariables>
<action type="Rewrite" url="http://myappserver/myapp/{R:0}" logRewrittenUrl="true" />
</rule>

But it doesn't work: when I read it on my application my header is alwasy empty. I also tried with and but none of these worked.

So, what am I doing wrong? Should I use another server variable? Am I missing something?

More in general: is it possible to do what i'd like to do?

Again, thanks in advance for your help, and please forgive me if I'm asking something obvious but I'm new to using IIS and I couldn't find anything that helped me.

Answer 1

http://weblogs.asp.net/owscott/an-intro-to-iis-url-rewrite-plus-redirecting-urls-to-www-web-pro-week-8-of-52

{REMOTE_USER}, {LOGON_USER} & {AUTH_USER} do not work with URL-REWRITE, ... 

You can use www.isapirewrite.com which runs later in the stack and has a handle on the auth data.