On our TMG server, we will be publishing multiple sites: a couple of ASP.NET websites (published through forms-based authentication via TMG) and a couple of SharePoint sites, etc. (published through TMG on the same server).
We want to leverage TMG’s Single Sign On (SSO) functionality. So, for example, if a user is already logged in to our ASP.NET website and he clicks a link which takes him to our SharePoint site, he should be able to get in with SSO (he does not need to enter login credentials again).
However, the trick here is that we do NOT want to use the TMG Logon.html page as the entry point. We simply want to designate one of our own ASP.NET websites (published via TMG) and create a custom login.aspx page. This page will ask for the user’s username and password, and we will write custom code to authenticate the user against Active Directory (as per my understanding, we cannot use the TMG SDK to authenticate the user). Once the user is successfully logged in to the “entry-point” site, he should be able to simply click links to the other SharePoint sites (published within the same TMG) and be redirected there with SSO.
To summarize my question: we want to “bypass” TMG’s logon.html page (and its authentication) and instead use one of our own ASP.NET websites as an entry point to TMG resources (authenticating the user against LDAP/AD). Once the user is logged in, we want to leverage TMG’s SSO.