We wanted to enable Forms Based Authentication with AD for a SharePoint site and a standard IIS site with Forefront Threat Management Gateway. We had the issue that we had already created the rule with no authentication and did not receive a login screen for the default IIS site. We did not get the login screen from TMG until we changed the firewall rule.
The set-up is pretty straightforward and only requires a small adjustment to a standard firewall rule. I will show you step by step how I have set up TMG pre-authentication for a basic site; this also applies to SharePoint.
I have created a basic IIS site with the wizard ‘Add Website…’
I then went to our TMG server and created a rule.
Click on ‘Publish Web Sites’
Fill in a name and click on ‘Next >’
Allow the rule and click on ‘Next >’
Publish a single Web site or load balancer and click on ‘Next >’
Our site is HTTPS, click on ‘Next >’
Fill in the site name and an IP address if TMG cannot resolve it, then click on ‘Next >’
Click on ‘Next >’
Fill in the information and click on ‘Next >’
Click on ‘New…’
Fill in the name for the listener and click on ‘Next >’
Select HTTPS and click on ‘Next >’
Select the network according to your situation and click on ‘Next >’
Select the certificate and click on ‘Next >’
Select ‘HTML Form Authentication’ and click on ‘Next >’
Fill in your domain name for SSO and click on ‘Next >’
Click on ‘Finish’
Click on ‘Next >’
Select ‘NTLM authentication’ and click on ‘Next >’
Make sure ‘All Authenticated Users’ has been added to the rule. Note that you will see ‘All Users’ if you have not followed the steps above and used No Authentication for the web listener. You will have to change this setting to ‘All Authenticated Users’ to receive the login screen from TMG; with ‘All Users’ the rule passes anonymous requests straight through to the backend and the listener never challenges the client.
Click on ‘Finish’
Navigate to your site and you will now see the following login screen from TMG
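Checking the result by hand in a browser is fine for one site, but after changing a rule it is useful to have a repeatable check that anonymous requests really stop at the gateway. The script below is an added example and not part of the original post: it sends one unauthenticated request to the published HTTPS URL without following redirects and classifies the first hop as either the TMG logon form (pre-authentication enforced) or backend content (the rule still applies to ‘All Users’). It assumes that the TMG listener serves its forms logon through CookieAuth.dll, and the URL in the usage section is a constructed placeholder.

```python
"""Verify that a TMG-published site enforces forms-based pre-authentication.

Added example, not code from the original post. One anonymous request is
sent to the published URL; the first response (redirects are not followed)
tells us whether the gateway or the backend answered.
"""
import ssl
import sys
import urllib.error
import urllib.request

# Assumption: TMG's HTML form logon is served by CookieAuth.dll on the
# listener, so an anonymous request is redirected there (or gets the form).
LOGON_MARKERS = ("cookieauth.dll", "getlogon")


def classify(status, headers, body):
    """Return 'preauth' when the response is the gateway logon form,
    'passthrough' when site content came back without authentication,
    and 'other' for anything else (errors, unexpected redirects)."""
    location = (headers.get("Location", "") if headers else "").lower()
    if status in (301, 302, 303, 307) and any(m in location for m in LOGON_MARKERS):
        return "preauth"
    if status == 200 and any(m in body.lower() for m in LOGON_MARKERS):
        return "preauth"
    if status == 200:
        return "passthrough"
    return "other"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError for 3xx instead of following.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url, timeout=10, verify_tls=True):
    """Send one anonymous GET to url and classify the first response."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab listeners with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        _NoRedirect, urllib.request.HTTPSHandler(context=ctx))
    req = urllib.request.Request(url, headers={"User-Agent": "preauth-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return classify(resp.status, resp.headers, body)
    except urllib.error.HTTPError as err:
        body = err.read(4096).decode("utf-8", "replace")
        return classify(err.code, err.headers, body)


if __name__ == "__main__":
    # Constructed placeholder; replace with the public name on your listener.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://portal.example.com/"
    verdict = probe(target)
    print(f"{target}: {verdict}")
    # Exit non-zero when the backend answered anonymously, so the check can
    # run from a scheduled job after rule changes.
    sys.exit(0 if verdict == "preauth" else 1)
```

Run it as `python preauth_check.py https://your-published-name/` after saving the rule; a verdict of `passthrough` means the listener handed the request to IIS without challenging it, which is exactly the symptom described above when the rule is still scoped to ‘All Users’.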