Sole's Blog

We had a customer asking for the main part of their Sharepoint website to be accessible from the public with anonymous access, and still have a part of the website require authentication thru Forms Based Authentication (FBA) in ISA 2006 firewall. Since ISA can only have one listener on a website, and the authentication is set on the listener, this was a little bit tricky to solve.

The solution however is extremely simple and I hope this little bit of information will save someone else some time.

Anonymous access with FBA enabled

To use Anonymous and FBA you need to create two publishing rules, remember ISA will choose the first rule that matches the request, so create the most restrictive publishing rule first, and the other publishing rule second. Because we can only have one listener for the site, we need to use FBA for all of the site, but by allowing the unauthenticated user access, it will not be prompted.

Example with Anonymous access for the entire website, but require FBA for a /secure part of the website.

1. Create one listener “sole.dk” in ISA 2006 with Forms Based Authentication enabled.
2. Create first publishing rule for the FBA secure part of the website, i.e. http://sole.dk/secure/ with the sole.dk web listener.
3. Create second publishing rule for the anonymous part of the website, i.e. http://www.sole.dk/ with the sole.dk web listener.
4. Replace the “Authenticated Users” with “All Users” group to the web publishing rule, under the “Users” tab in ISA 2006.

This setup will use FBA for the listener, but for all other parts of the website than /secure, the “All Users” setting in ISA will make it bypass the authentication request for all users, so they do not recieve the prompt.

Related posts:

1. How to publish RD Web & Gateway (2008 r2) on ISA 2006, and still have time to watch The Big Bang Theory! So I was asked the question, how do You publish the new Windows Server 2008 and 2008 R2...
2. How to configure ISA 2006 with FBA for OWA and NTLM for Outlook Anywhere and Autodiscover in Exchange 2007 Configuration of Exchange 2007 with Outlook Web Access (OWA), Outlook Anywhere (OA), ActiveSync and Autodiscover can add grey...
3. How to fix missing PPTP Interfaces from RRAS console in ISA 2006 and stop a memory leak in the process All PPTP VPN interfaces in ISA 2006 (sp1) disappeared from the Routing and Remote Access Service console, this...
4. How to remove the anoying password prompt when downloading Office documents from Sharepoint We use Sharepoint for document sharing in our Company, so do many others. With the default settings in...
5. How to install a SSL certificate backup file on Exchange 2007 and still have time for facebook The easiest way (I love easy!) to order and install an SSL certificate on Exchange 2007, is to...

2 Responses to “How to publish a website with both Anonymous and Forms Based Authentication in ISA 2006”