Thanks for the fast response.
We use Windows Authentication. The user must authenticate in IIS on server A using a domain account. Once the user has authenticated, the request gets forwarded to the JBoss app on server B. JBoss uses the LOGON_USER value to identify the user. Since we synchronize via LDAP with AD and store the user names within our db, we simply match the LOGON_USER with the names locally held. Since authentication has been completed, we do not require further authentication within the application.
This provides us with a simple form of single sign-on.
Today we use IIS6 and the mod_jk ISAPI filter for this. We would like to replace IIS6 and the ISAPI filter with IIS7 and ARR. In some cases server A and server B are different machines (e.g. server A is outside the firewall and server B is inside) so as to provide additional isolation between the application and the internet. In other cases (e.g. single sign-on is the primary requirement within a corporate intranet) IIS and mod_jk are located on the same server as JBoss.
Given this situation, is there a way to configure IIS7/ARR so the LOGON_USER value contains the authenticated user name when the request is received on server B? Or is there a better way to configure things to achieve the same results we are seeking?
Thanks again.