How to use IIS as a trusted proxy for ActiveDirectory SSO?

Posted by brofield on Server Fault See other posts from Server Fault or by brofield
Published on 2010-04-22T03:27:07Z Indexed on 2010/04/22 3:33 UTC
Read the original article Hit count: 348

Filed under:

iis

|

trusted

|

reverse-proxy

|

sso

|

active-directory

I'm trying to add Active Directory single-sign-on support to an existing SOAP server. The server can be configured to accept a trusted reverse-proxy and use the X-Remote-User HTTP header for the authenticated user. I want to configure IIS to be the trusted proxy for this service, so that it handles all of the Active Directory authentication for the SOAP server.

Basically IIS would have to accept HTTP connections on port X and URL Y, do all the authentication, and then proxy the connection to a different server (most likely the same X and Y).

Unfortunately, I have no knowledge of IIS or AD (so I am trying my best to learn enough to build this solution) so please be gentle. I would assume that this is not an uncommon scenario, so is there some easy way to do this?

Is this sort of functionality built into IIS or do I need to build some sort of IIS proxy program myself?
Is there a better option for getting the authentication done and the X-Remote-User HTTP header set than requiring IIS?

© Server Fault or respective owner

Related posts about iis

How to find and fix issue with Pound and HAProxy

as seen on Server Fault - Search for 'Server Fault'
Pound sits in front of HAProxy (on the same box) to perform SSL off-load. Requests are passed to 127.0.0.1:80 where HAProxy then balances the requests across backend servers for a hosted ASP .NET web app. A user is getting HTTP error 500 (Internal Server Error) returned to their browser this morning… >>> More
How to migrate deploy RESTful WCF Web Service from IIS 6.0 to IIS 7.0

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, I have a WCF Restful Web Service. It works find under VS and IIS 6.0. Now I want to move it to another work station with IIS 7.0 on it. I tried to copy all the deploy file from IIS 6 to IIS 7, but it cannot be accessed by other client, except for the request from it's own machine. I don't… >>> More
Server with IIS and Apache - how to SSL encrypt Apache with IIS

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 box already setup and working with IIS 6. IIS is set to serve a site out over both HTTP and HTTPS connections using default ports. For various reasons I need to set Apache up on the same server and it needs to serve its pages to end-users as SSL encrypted HTTPS pages… >>> More
Having IIS remote management problem with my vista machine managing Server 2008 IIS 7.5

as seen on Server Fault - Search for 'Server Fault'
I am trying to use IIS 7 Remote Management installed on Vista Ultimate SP1. Connection is to IIS 7.5 on Windows Server 2008 Webserver R2. Tried on both full & core install. When I connect up, the console wants to download and install new features. Microsoft.Web.Management.IisClient 7.5.0.0 Microsoft… >>> More
MVC4 App opens with directory listing and gives a 404 for any direct URL's entered in the browser

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've just deployed a previously (on my local IIS) working MVC4 app to IIS 7.5 on the dev server. After tweaking this and that - one knows how these things get forgotten - the app finally launches, but shows a directory listing of the app root. Clicking on most links there works, opening the directory… >>> More

Related posts about trusted

Coming soon: Gmail contextual gadgets available for trusted testers

as seen on Google Code - Search for 'Google Code'
At Campfire One this week we announced that we will soon open Gmail contextual gadgets as a new extension point for developers. These gadgets can smartly draw information... >>> More
How to set Visio 2003 Trusted Locations

as seen on Super User - Search for 'Super User'
I see the option in Visio 2003 to only trust macros stored in trusted locations, but I can't find any way to set up what these trusted locations are. My problem is I have a template file that's not signed in the VBA project but the VBA project is locked (so I can't just sign it myself). So, there… >>> More
Trusted Sites via GPO: <*.> gets left off

as seen on Server Fault - Search for 'Server Fault'
As stated in the question title: one of our end users has to make use of a web application which requires her to add the website to trusted sites. By default, this is disabled, but after my colleague added the sites to the GPO pushing these in such form: *.domain.com it shows up as domain.com in… >>> More
Visual Studio Unit Tests : dll is not trusted

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm struggling getting some unit tests running and wondering if anyone might have anything insightful. The setup is that we've got a bunch of referenced DLL's on a server and when I try and execute I get the old Test Run deployment issue: The location of the file or directory 'c:\source\ProjectName\bin\debug\3rdPartyLibrary… >>> More
Trusted Folder/Drive Picker in the Browser

as seen on Stack Overflow - Search for 'Stack Overflow'
I'd like to write a Folder/Drive picker the runs in the browser and allows a user to select files to upload to a webservice. The primary usage would be selecting folders or a whole CD and uploading them to the web with their directory structure in tact. I'm imagining something akin to Jumploader but… >>> More