When you publish a back-end ISA Server 2006 computer on a front-end ISA Server 2006 computer that faces the Internet, you cannot enable forms-based authentication on both computers
You publish a Web site on a back-end Microsoft Internet Security and Acceleration (ISA) Server 2006 computer.
•
You publish the back-end ISA Server 2006 computer on a front-end ISA Server 2006 computer that faces the Internet.
•
You want to enable forms-based authentication on both ISA Server 2006 computers to authenticate Web traffic. For example, the front-end server uses RADIUS one-time password (OTP) together with forms-based authentication. The back-end ISA Server computer is joined to the corporate Active Directory directory service domain. This ISA Server computer uses Windows integrated authentication.
In this scenario, you cannot enable forms-based authentication on both ISA Server computers.
Currently, ISA Server 2006 is hardcoded to use the CookieAuth.dll string as an identifier to implement forms-based authentication. In this case, ISA Server 2006 uses the "cookieauth.dll" string in the URL of the Web requests. If both the front-end ISA Server computer and the back-end ISA Server computer use the same identifier, the front-end computer will process the authentication form that is intended for the back-end computer.
An update is available that lets you enable an alternative cookie authentication handler string for forms-based authentication. Therefore, the front-end computer can use the "cookieauth.dll" string in the URL of the Web requests. The back-end computer can use the "FBAHANDLER.DLL" string in the URL of the Web requests.
Follow these steps on the back-end computer that is running ISA Server 2006:
1.
Apply the hotfix package that is described in the following Microsoft Knowledge Base article:
943215 (http://support.microsoft.com/kb/943215/) Description of the ISA Server 2006 hotfix package: October 7, 2007
2.
Start Notepad.
3.
Copy and then paste the following text into Notepad.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "UseAltExtensionRequestIdentifier"
Const SE_VPS_VALUE = true
Sub SetValue()
' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")
'Declare the other objects needed.
Dim array ' An FPCArray object
Dim VendorSets ' An FPCVendorParametersSets collection
Dim VendorSet ' An FPCVendorParametersSet object
' Get references to the array object
' and the network rules collection.
Set array = root.GetContainingArray
Set VendorSets = array.VendorParametersSets
On Error Resume Next
Set VendorSet = VendorSets.Item( SE_VPS_GUID )
If Err.Number <> 0 Then
Err.Clear
' Add the item
Set VendorSet = VendorSets.Add( SE_VPS_GUID )
CheckError
WScript.Echo "New VendorSet added... " & VendorSet.Name
Else
WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value(SE_VPS_NAME)
End If
Err.Clear
VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
If Err.Number <> 0 Then
CheckError
Else
VendorSets.Save false, true
CheckError
If Err.Number = 0 Then
WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
End If
End If
End Sub
Sub CheckError()
If Err.Number <> 0 Then
WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
Err.Clear
End If
End Sub
SetValue
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
4.
Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, use the following name to save the file:
UseAltExtensionRequestIdentifier.vbs
5.
Open a command prompt, move to the location in which you saved the UseAltExtensionRequestIdentifier.vbs file, and then type the following command:
On the front-end computer, create a link translation mapping in the Web publishing rule to translate "/cookieauth.dll" to "/FBAHANDLER.DLL." To do this, follow these steps:
1.
Open the ISA Server Management console.
2.
In the console tree, expand Microsoft Internet Security and Acceleration Server 2006.
3.
If you are running ISA Server 2006 Enterprise Edition, expand Arrays, and then expand the node that corresponds to the array. If you are running ISA Server 2006 Standard Edition, expand the node that corresponds to the front-end computer.
4.
Click Firewall Policy.
5.
Right-click the Web publishing rule, and then click Properties.
6.
On the Link Translation tab, make sure that the Apply link translation to this rule check box is selected, and then click Configure.
7.
In the Locally Defined Mappings dialog box, click Add.
8.
In the Replace this text box, type /cookieauth.dll.
Need More Help? Contact a Support professional by Email, Online or Phone.
Customer Service For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
Newsgroups Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.
Back to the top
