Publish IIS site with TMG pre-authentication

We wanted to enable Forms Based Authentication with AD for a SharePoint site and a standard IIS site with Forefront Threat Management Gateway. We had the issue that we had already created the rule with no authentication and we did not receive a login screen for the default IIS site. We did not get the login screen from TMG until we changed the firewall rule.

The setup is pretty straightforward and only requires a small adjustment to a standard firewall rule. I will show you step by step how I set up TMG pre-authentication for a basic site; this also applies to SharePoint.

I have created a basic IIS site with the wizard ‘Add Website…’

I then went to our TMG server and created a rule.

Click on ‘Publish Web Sites’

Fill in a name and click on ‘Next >’

Allow the rule and click on ‘Next >’

Publish a single Web site or load balancer and click on ‘Next >’

Our site is HTTPS, click on ‘Next >’

Fill in the site name, and an IP address if TMG cannot resolve the name. Click on ‘Next >’

Click on ‘Next >’

Fill in the information and click on ‘Next >’

Click on ‘New…’

Fill in the name for the listener and click on ‘Next >’

Select HTTPS and click on ‘Next >’

Select the network according to your situation and click on ‘Next >’

Select the certificate and click on ‘Next >’

Select ‘HTML Form Authentication’ and click on ‘Next >’

Fill in your domain name for SSO and click on ‘Next >’

Click on ‘Finish’

Click on ‘Next >’

Select ‘NTLM authentication’ and click on ‘Next >’

Make sure ‘All Authenticated Users’ has been added to the site. Note that you will see ‘All Users’ if you did not follow the steps above and used No Authentication for the web listener. You will have to change this setting to ‘All Authenticated Users’ to receive the login screen from TMG.

Click on ‘Finish’

Navigate to your site and you will now see the login screen from TMG.
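
A check for the outcome of the last step, written as an added example that is not part of the original post: it classifies the first unauthenticated response from the published URL, so a rule still set to ‘All Users’ shows up as something other than the TMG form. The `CookieAuth.dll?GetLogon` marker, the function names and the sample responses are assumptions made for this example.

```python
"""Classify the first unauthenticated response from a TMG-published site."""
import http.client
from urllib.parse import urlsplit

# Assumption: the HTML form listener redirects unauthenticated clients to
# TMG's CookieAuth.dll logon handler. Change the marker if yours differs.
FORM_MARKER = "cookieauth.dll?getlogon"

def classify(status, headers, body=""):
    """Return 'tmg-form', 'http-challenge', 'open' or 'unknown'."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307) and FORM_MARKER in h.get("location", "").lower():
        return "tmg-form"          # TMG pre-authentication is in front of the site
    if status == 200 and FORM_MARKER in body.lower():
        return "tmg-form"          # form served directly instead of via redirect
    if status == 401 and "www-authenticate" in h:
        return "http-challenge"    # browser credential prompt, no TMG form
    if status == 200:
        return "open"              # content returned with no authentication at all
    return "unknown"

def probe(url, timeout=10):
    """Fetch url once with no credentials and without following redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", "replace")
        return classify(resp.status, dict(resp.getheaders()), body)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "TMG form redirect": (302, {"Location": "https://site.example.test/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=3"}, ""),
    "HTTP 401 challenge": (401, {"WWW-Authenticate": "NTLM"}, ""),
    "anonymous content": (200, {"Content-Type": "text/html"}, "<html>IIS</html>"),
}

if __name__ == "__main__":
    for label, (status, headers, body) in SAMPLES.items():
        print(f"{label}: {classify(status, headers, body)}")
```

Call `probe()` with the public HTTPS URL of the published site from a client outside the network; any result other than `tmg-form` means the request was not stopped by the TMG login form.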