2

ISA Server 2006 publishing a web site; ISA does forms-based authentication against an Active Directory domain (which ISA itself is joined to), then, if the user is authorized, ISA sends the user's credentials to the published web site using HTTP authentication.

The problem: the credentials sent to the published web site are in the format "DOMAIN\UserName", while the web site expects them to contain the user name only.

Before we ask the developers to modify their web site to strip the "DOMAIN\" part from the user name, is there any way to make ISA send these credentials without prepending the domain name to them?

I already tried the following:

  • Not setting a default domain in the listener properties: ISA prepends the AD domain's FQDN to the user name.
  • Setting a default domain in the listener properties: ISA prepends the NetBIOS name of the AD domain to the user name.

What we need is to send to the published web site only the user name.

If this can not be done by ISA Server 2006 but can be done by TMG 2010, please let me know.

Massimo
  • 68,714
  • 56
  • 196
  • 319

3 Answers3

4

Looks like this is a ISA/TMG built-in behaviour, and it can't be altered at all.

Massimo
  • 68,714
  • 56
  • 196
  • 319
0

We have exactly the same problem on TMG 2010 when trying to delegate AD credentials to a Linux SVN server, we ended up changing the source code to strip it out

Phil
  • 3,138
  • 1
  • 21
  • 27
0

Can you try switching from FBA to say.. Basic Auth (over SSL of course.) That may drop the domain for you.

Tatas
  • 2,091
  • 1
  • 13
  • 19