Step 5: Plan to Publish Applications using Pass-through Preauthentication

Updated: August 26, 2013

Applies To: Windows Server 2012 R2

This topic describes the preauthentication flow when using pass-through preauthentication and the planning tasks for publishing applications through Web Application Proxy using pass-through preauthentication.

The general pass-through preauthentication flow is as follows:

1. The client device attempts to access a published web application on a particular resource URL.

   The resource URL is a public address on which Web Application Proxy listens for incoming HTTPS requests.

2. Web Application Proxy forwards the HTTPS request directly to the backend server using either HTTP or HTTPS.

3. If required by the backend server, the user authenticates directly to the backend server.

4. After successfully authenticating, the client now has access to the published web application.

Note

Web Application Proxy does not support wildcard domain publishing. That is, you cannot configure an external URL using a wildcard; for example, https://*.contoso.com.

5.1. Plan Applications for Pass-Through Preauthentication

No additional planning is required for applications that use pass-through preauthentication.

Note

Applications that use pass-through preauthentication cannot leverage the additional features that AD FS provides; such as, Workplace Join, multifactor authentication (MFA), and multifactor access control.

See also

• Step 3: Plan to Publish Applications using AD FS Preauthentication

• Plan to Publish Applications through Web Application Proxy

• Installing and Configuring Web Application Proxy for Publishing Internal Applications

• Web Application Proxy Walkthrough Scenario