Possible to modify which brower user agent strings to use FBA for? (Full Version)

All Forums >> [ISA 2006 Publishing] >> Web Publishing


Jack in the Box -> Possible to modify which brower user agent strings to use FBA for? (10.Jan.2007 3:30:34 PM)

In ISA 2004 I use FlexAuth from Collective Software to provide forms based authentication for my various web publishing rules.  One of the nice features though is the ability to specify which browser's to supply a FBA page for based on the browser user agent string, with those that do not meet the criteria falling back to a standard basic authentication prompt.  For example, this is the what I currently have FlexAuth configured to use FBA for:  (MSIE 5\..*|MSIE 6\..*|MSIE 7\..*|Gecko). 

This works really well in that mobile devices, like a PDA, usually present an MSIE 4.01 user agent string and instead of trying to render a FBA page for the mobile user to authenticate with instead the device uses a standard authentication prompt and it is consistent.

I'm currently working on a migration from ISA 2004 to ISA 2006 and obviously with ISA 2006 natively supporting FBA I'm hoping to eliminate FlexAuth entirely.  The default forms are smart enough to fall back to basic authentication for Outlook, Word, etc... so things like RPC over HTTPS, ActiveSync from a mobile device or Word opening a document from a WSS document library all get prompted for credentials using basic authentication and it works great.  The one issue I have though is the mobile web browsers on Pocket PC's and such are getting the FBA page when they browse to an ISA 2006 published site instead of getting prompted for basic autyhentication like we currently have configured using FlexAuth.

When I was beta testing ISA 2006 I brought this up in the newsgroups and I recall the response being that this behaviour could be modified programtically but not through the GUI.  According to this page (http://www.microsoft.com/technet/isa/2006/authentication.mspx) this setting is controlled by the ISA Server COM object FPCRuleElements.UserAgentMappings.


Fallback to Basic authentication
By default, when form-based authentication cannot be used with a specific client, ISA Server requires Basic authentication instead. This is configured in the ISA Server COM in the user agent mappings collection, FPCRuleElements.UserAgentMappings. For more information, see the ISA Server SDK documentation.

Well, not wanting to be one of those guys who is hoping someone will do my work for me I downloaded the ISA 2006 SDK to get more information and I found the section dealing with user agent mappings but I'm over my head and I'm not sure how to get the current values ISA is using, yet alone what to change to get the result I desire.

Anyone here have experience modifying the user agent settings that FBA uses?  Also, before anyone says it, yes, I know ISA 2006 can render mobile compatible FBA pages but I need mobile devices to receive that standard authentication prompt instead for other reasons.

tshinder -> RE: Possible to modify which brower user agent strings to use FBA for? (18.Jan.2007 10:15:35 AM)

You might want to move this to the programming section, as I doublt many admins have the programming background required for the solution.


Jack in the Box -> RE: Possible to modify which brower user agent strings to use FBA for? (18.Jan.2007 11:51:04 AM)


The question is now posted here:  http://forums.isaserver.org/m_2002036541/mpage_1/key_/tm.htm#2002036541

Page: [1]