IIS URL rewrite + Windows AuthenticationRSS

3 replies

Last post Sep 25, 2020 09:42 AM by Brucz

  • IIS URL rewrite + Windows Authentication

    Aug 31, 2020 04:08 AM|ingale88s|LINK

    I want to do Url rewrite a request from https://server1/abc to https://server2/abc using IIS.

    Basically I want to do reverse proxy from server1(ARR Proxy server) to server2(Content Server). I can do that using IIS Urlrewrite module but only with the Anonymous authentication.

    Problem is that In my case server1 has AD connected not the server2. So, I need to do windows authentication of a request in server1 and send authenticated username to server2.

    Now, I'm stuck at a point

    1.  I can't enable AD on server2(It's not possible because of company's architecture).
    2.  Not able to pass Windows authenticated user from server1 to server2. because Urlrewrite happens before authentication happens.
    3. and lastly, I read that in Microsoft.AspNetCore.Rewrite package .net core has, can't rewrite from one domain to another.

    I stuck at this problem from last couple of days. If you can suggest something then that would be really helpful. Thanks.

    Post I read to to solve this problem.

    1. https://docs.microsoft.com/en-us/archive/blogs/benjaminperkins/configure-application-request-routing-with-windows-authentication-kerberos
    2. https://forums.iis.net/t/1241382.aspx?URL+Rewrite+and+Windows+Authentication
  • Re: IIS URL rewrite + Windows Authentication

    Aug 31, 2020 10:02 AM|Brucz|LINK

    Hi ingale88s,

    In IIS, windows authentication happened before url rewrite. You can use failed request tracing to check the order of execution of these modules in the request.

    When windows authentication happened, user’s information will not contain in url. So you can’t send user name to server2.

    Best regards,

    Burcz

    .NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.
  • Re: IIS URL rewrite + Windows Authentication

    Aug 31, 2020 01:26 PM|ingale88s|LINK

    Hi Brucz,

    In that case how will I send a user information to server2 where I need logged in username. Do you have any idea if any header I can set to receive this username? Really appreciate your help.

  • Re: IIS URL rewrite + Windows Authentication

    Sep 25, 2020 09:42 AM|Brucz|LINK

    Hi ingale88s,

    You can try another way, use url rewrite of server1 to pass user to server2, then use windows authentication in server2.

    According to Microsoft document, server2 can do windows authentication even it is not a member of an active directory domain. Another way is you could use the custom HTTP module which sends the authenticated user custom header.

    Configure Application Request Routing with Windows Authentication, Kerberos

    Best regards,

    Brucz

    .NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.