IIS configuration for routing to internal serverRSS

5 replies

Last post Jul 31, 2019 07:32 AM by Jalpa Panchal

  • IIS configuration for routing to internal server

    Jul 16, 2019 07:45 AM|akao|LINK

    Hello

    In these days I am trying to find out if the configuration of IIS could help with a problem we are facing with Cognos.

    This is the situation:

    An application server (Cognos)  is running on our internal network (running on IIS 10)

    The application server is accessible through a gateway-server IIS  in the DMZ - e.g. https://www.domainx.nl  (running on IIS 10)

    We us AD for authentication. The external users are registered in our AD to have access

    The gateway server has a connection to the internal server application server and serves the Cognos reports. This works fine, the Cognos reports are served as expected.

    The problem though is that we use hyperlinks in the Cognos reports pointing to files which are stored on the fileserver in combination with a virtual directory in IIS. The virtual directory exists only on the Cognos application server in the internal network. Not on the gateway, because of security. It's not possible to copy the files to the gateway server.  The files are only available for logged on AD users.

    When a user click on such a hyperlink he/she receive a page not found error. The gateway server is trying to serve the request from the gateway server and not from the application server.

    An example of the steps.

    1. end user logs on through internet through www.domainx.nl (pointing to gateway server)
    2. the gateway serves the Cognos report needed.
    3. the end user clicks on a hyperlink in the cognos report, e.g. www.domainx.nl/downloads/file1.csv
    4. the user receive 'page not found' as reponse

    Anyone familiar with this situation? Is this a situation that perhaps could be solved using ARR, WAP or some other IIS configuration? Forget about Cognos, it could any application I think.

    Would it help for example if we would use IIS sites instead of virtual directory

    Any help or suggestion is welcome. Could be that it's not clear yet, please let me know.

    Thanks in advance. Below an image as illustration

  • Re: IIS configuration for routing to internal server

    Jul 16, 2019 05:29 PM|Chris Becke|LINK

    Typically you setup ARR as a reverse proxy to handle situations like this:

    ARR on the Gateway server would have a rewrite rule that would see requests to files.external.com/{url} and rewrite them to http://internalapp/downloads/{url}

    You need some way however to guard this endpoint, Ive never tried ARR and rewriting like this with AD authentication so I have no idea if its possible or what complexity it adds. An alternate way to solve it is to use an internal storage system that can create pre-signed urls (i.e. single use urls that expire) that are shared to external users, and those can be rewritten safely by ARR on your gateway server. 

  • Re: IIS configuration for routing to internal server

    Jul 17, 2019 08:23 AM|akao|LINK

    Thank you very much Chris. 

    You're right about the complexity regarding AD authentication. That's the issue we are trying to control at the moment. As far as I understand (as a developer) the problem is that there is no 'synchronisation' of the AD authentication between the Cognos part and the iis virtual directory within Cognos (internalapp).

    We have some support from our cognos/ibm partner and they are analyzing an option to use Cognos for this synchronisation.


  • Re: IIS configuration for routing to internal server

    Jul 24, 2019 01:29 AM|Jalpa Panchal|LINK

    Hi,

    Is your issue solved?

    If your issue is solved then I suggest you to post your solution and mark it as an answer.

    If your issue still exists then try to refer the solution given by the community members.

    If then also you have any further questions then let us know about it.

    We will try to provide further suggestions to solve the issue.

    Thanks for your understanding.

    Regards

    Jalpa.

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: IIS configuration for routing to internal server

    Jul 24, 2019 12:15 PM|akao|LINK

    Hello Jalpa

    Unfortunately still no solution. So if possible I would like to keep it open. A possible option that I have found so far is using WAP web application proxy? But at the moment we are putting effort in a work around. Personnaly I am still convinced that there must be a way. So there is any suggestion that would be great.

    Thank you and best regards

    Aziz

  • Re: IIS configuration for routing to internal server

    Jul 31, 2019 07:32 AM|Jalpa Panchal|LINK

    Hi,

    You can try to check the network HTTP response  header server value using a browser network tool this shows that which server is responding:

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.