Step 5: Plan to Publish Applications using Pass-through Preauthentication

Published: August 26, 2013

Updated: August 26, 2013

Applies To: Windows Server 2012 R2



This topic describes the preauthentication flow when using pass-through preauthentication and the planning tasks for publishing applications through Web Application Proxy using pass-through preauthentication.

The general pass-through preauthentication flow is as follows:

  1. The client device attempts to access a published web application on a particular resource URL.

    The resource URL is a public address on which Web Application Proxy listens for incoming HTTPS requests.

  2. Web Application Proxy forwards the HTTPS request directly to the backend server using either HTTP or HTTPS.

  3. If required by the backend server, the user authenticates directly to the backend server.

  4. After successfully authenticating, the client now has access to the published web application.

noteNote
Web Application Proxy does not support wildcard domain publishing. That is, you cannot configure an external URL using a wildcard; for example, https://*.contoso.com.

No additional planning is required for applications that use pass-through preauthentication.

noteNote
Applications that use pass-through preauthentication cannot leverage the additional features that AD FS provides; such as, Workplace Join, multifactor authentication (MFA), and multifactor access control.

Community Additions

Show: