Web Application Proxy in Windows 2012 R2

Web Application Proxy is a new role service in Windows 2012 R2, that can be configured as an ADFS Proxy or Reverse Proxy solution (an alternative to TMG / UAG) to publish applications to the internet.

Web Application Proxy serves as a barrier between the Internet and your corporate applications. In many organizations, when you deploy Web Application Proxy and publish applications through it, those applications will be available to external users on devices that are not joined to your domain; for example, personal laptops, tablets, or smartphones. These devices are not domain-joined and as such, they are described as unmanaged devices, and are untrusted within the corporate network. Since you want your users to be able to access important information whenever and wherever they are located, you must mitigate the security risk of allowing users access to corporate resources from these unmanaged and untrusted devices. Web Application Proxy provides a number of security features to protect your corporate network from external threats. Web Application Proxy uses AD FS for authentication and authorization to ensure that only users on devices who authenticate and are authorized can access your corporate applications.

Web Application Proxy must always be deployed with AD FS. This enables you to leverage the features of AD FS, such as, single sign-on (SSO). This enables users to enter their credentials one time and on subsequent occasions, they will not be required to enter their credentials. SSO is supported by Web Application Proxy for backend servers that use claims-based authentication; for example SharePoint claims-based applications, and Integrated Windows authentication using Kerberos constrained delegation. Integrated Windows authentication-based applications can be defined in AD FS as relying party trusts which can define rich authentication and authorization policies that are enforced in requests to the application.

Publishing Application in WAP:

When you publish applications through Web Application Proxy, the process by which users and devices are authenticated before they gain access to applications is known as preauthentication. Web Application Proxy supports two forms of preauthentication:

  • AD FS preauthentication—When using AD FS for preauthentication, the user is required to authenticate to the AD FS server before Web Application Proxy redirects the user to the published web application. This ensures that all traffic to your published web applications is authenticated.

  • Pass-through preauthentication—Users are not required to enter credentials before they connect to published web applications.

In the 2nd part we will discuss installation of Web application Proxy (WAP) and configuration of ADFS Proxy and publishing device registration service.

Comments (4)

  1. Anonymous says:

    Pingback from Configure Web Application Proxy server and publish Device Registration service in Windows 2012 R2 | MS Tech BLOG

  2. part 2 adfs ? :) says:


  3. yuffie says:

    18m bid
    http://candidates2014.fide.com/christian-louboutin-sale-uk-harbour/ for
    http://www.vinirolfo.it/polo-ralph-lauren-italia-triumph/ Probability Multi millionaire investors in probability, including icap’s michael spencer, nigel wray and joe lewis who between them account for more than 30 per cent of the group’s equity, were relieved
    to say cheerio to
    http://en.gomanyuk.com/begin-at-michael-kors-bags-outlet/ their major shareholdings in the
    http://www.ozone-aqua-centre.com/lauder-michael-kors-online-outlet/ mobile gambling operator after gtech wheeled out an agreed 18m, or 50p a share, cash bid for the company. The
    offer, which represented a 38 per cent premium above the prevailing market price, sent the depressed stock 16.5p or 52 per cent higher to 48p.That was still
    http://www.zestiply.com/?p=5998 well shy of the march 2013 high of 68.5p. With the shares in the dog house, it certainly came as no surprise to hear that the board and management of probability including co founder,
    chief executive and 6.54 per cent shareholder Charles Cohen, fully supported the bid.They believe it to be in the best interests not just of probability shareholders, but also all of probability’s employees and customers.

Skip to main content