How to publish a website with both Anonymous and Forms Based Authentication in ISA 2006

We had a customer who wanted the main part of their SharePoint website to be publicly accessible with anonymous access, while a part of the website still required authentication through Forms Based Authentication (FBA) in the ISA 2006 firewall. Since ISA can only have one listener on a website, and the authentication is set on the listener, this was a little bit tricky to solve.

The solution however is extremely simple and I hope this little bit of information will save someone else some time.

Anonymous access with FBA enabled


To use Anonymous and FBA together you need to create two publishing rules. Remember that ISA will choose the first rule that matches the request, so create the most restrictive publishing rule first and the other publishing rule second. Because we can only have one listener for the site, FBA has to be enabled for all of the site, but a rule that allows unauthenticated users access will not prompt them.

Example: anonymous access for the entire website, with FBA required for the /secure part of the website.

  1. Create one listener “sole.dk” in ISA 2006 with Forms Based Authentication enabled.
  2. Create first publishing rule for the FBA secure part of the website, i.e. http://sole.dk/secure/ with the sole.dk web listener.
  3. Create second publishing rule for the anonymous part of the website, i.e. http://www.sole.dk/ with the sole.dk web listener.
  4. Replace the “Authenticated Users” group with the “All Users” group on the web publishing rule, under the “Users” tab in ISA 2006.

This setup uses FBA on the listener, but for every part of the website other than /secure, the “All Users” setting in ISA bypasses the authentication request, so users do not receive the prompt.
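The rule ordering described above can be checked with a small model. This is an added example, not code from the original post and not ISA's API: the `Rule` fields, the prefix matching and the action names are assumptions that only mirror the first-match behaviour the post describes.

```python
# Simplified model of first-match publishing-rule evaluation as the post
# describes it. Rule fields, matching and action names are illustrative.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    path_prefix: str   # "/" covers the whole site
    users: str         # "All Users" or "Authenticated Users"

def matches(rule, path):
    # Case-insensitive prefix match (an assumption of this model)
    return path.lower().startswith(rule.path_prefix.lower())

def evaluate(rules, path, authenticated):
    """Return (rule name, action) for the first rule matching the path."""
    for rule in rules:
        if matches(rule, path):
            if rule.users == "All Users" or authenticated:
                return rule.name, "allow"
            return rule.name, "fba_prompt"
    return None, "deny"

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule's
    path prefix already covers every path they match."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if later.path_prefix.lower().startswith(earlier.path_prefix.lower()):
                out.append(later.name)
                break
    return out

SECURE = Rule("secure (FBA)", "/secure/", "Authenticated Users")
PUBLIC = Rule("public (anonymous)", "/", "All Users")

CORRECT = [SECURE, PUBLIC]   # most restrictive first, as in the steps above
WRONG = [PUBLIC, SECURE]     # same rules, order reversed

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("wrong", WRONG)):
        for path in ("/", "/secure/report.aspx"):   # constructed sample paths
            print(label, path, evaluate(rules, path, authenticated=False))
        print(label, "shadowed:", shadowed(rules))
```

With the rules reversed, the anonymous rule matches /secure first and the FBA rule is reported as shadowed, which is the misconfiguration to look for when reviewing the rule order.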
