Thread: IIS 7.0, Tomcat, forms authentication, SSO

Last post 09-08-2008 11:25 AM by sstange. 2 replies.

  • 08-19-2008, 7:59 PM

    • dotnetsam
    • Not Ranked
    • Joined on 08-19-2008, 11:34 PM
    • Posts 2

    IIS 7.0, Tomcat, forms authentication, SSO

    According to Scott Guthrie's blog (http://weblogs.asp.net/scottgu/archive/2007/04/02/iis-7-0.aspx), it appeared that you can use forms authentication to protect a JSP website. I have a site that I need to have elementary protection over so that users can't go directly to the site without going through a portal using forms auth. So we set up the site in IIS 6.0 and IIS 7.0, installed Tomcat on IIS using the isapi_redirect and got the site up and working, no problem. Using another article from Scott:

    http://weblogs.asp.net/scottgu/archive/2007/03/04/tip-trick-integrating-asp-net-security-with-classic-asp-and-non-asp-net-urls.aspx

    We added wildcard mappings and the ISAPI extension for .jsp. We had success with protecting classic ASP sites using this same process, however we can't get it to work. These settings are simply ignored when it comes to the JSP pages. According to the first Scott Guthrie article, it appears that forms authentication is baked into IIS, so before IIS redirects processing to Tomcat, IIS would catch the request first and apply forms auth.

    Does anyone have any suggestions on some other implementations or fixes to this problem?

    Thanks!

    Sam

  • 08-19-2008, 8:45 PM In reply to

    Re: IIS 7.0, Tomcat, forms authentication, SSO

    Yes you can use Forms Authentication with any other type of request in IIS 7.0. To do that try opening InetMgr.exe and drill down to the Web Site or application you want to enable that, go to the Modules feature and uncheck the "Invoke only for requests to ASP.NET applications or managed handlers" checkbox for the UrlAuthorization, FormsAuthentication and DefaultAuthentication ASP.NET modules.

    See this article, in particular the "Enabling Forms Authentication for the Entire application" portion of it: http://learn.iis.net/page.aspx/244/how-to-take-advantage-of-the-iis7-integrated-pipeline/
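
The checkbox change described in the reply above, written as a site-level web.config; this is an added example, not part of the original thread. It assumes an application pool in Integrated pipeline mode, and the login page path `~/login.aspx` is a placeholder.

```xml
<!-- Added example. By default IIS 7.0 registers these three modules with
     preCondition="managedHandler", so they run only for ASP.NET content and
     never see requests that isapi_redirect forwards to Tomcat. -->
<configuration>
  <system.webServer>
    <modules>
      <!-- Re-register each module with an empty preCondition so that it runs
           for every request to the site, .jsp URLs included. -->
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication"
           type="System.Web.Security.FormsAuthenticationModule"
           preCondition="" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization"
           type="System.Web.Security.UrlAuthorizationModule"
           preCondition="" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication"
           type="System.Web.Security.DefaultAuthenticationModule"
           preCondition="" />
    </modules>
  </system.webServer>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl is a placeholder (assumption); point it at the portal's login page. -->
      <forms loginUrl="~/login.aspx" />
    </authentication>
    <authorization>
      <!-- Deny anonymous users; unauthenticated requests are redirected to loginUrl. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

With `<deny users="?" />` at the site root, stylesheets and images used by the login page are also denied to anonymous users unless a `<location>` element explicitly allows them.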

     

  • 09-08-2008, 11:25 AM In reply to

    • sstange
    • Not Ranked
    • Joined on 06-25-2006, 12:47 PM
    • Virginia
    • Posts 1

    Re: IIS 7.0, Tomcat, forms authentication, SSO

    We actually found a way to do this in IIS 6.0 as well. It's definitely a workaround, but if you protect the isapi_redirect.dll file, it will protect any JSP files.
