Providing Granular Anonymous Access to Web Sites

A common question from UAG administrators is: can I provide anonymous access to a Web site, but require and prompt for authentication when a user clicks a link to access a specific part of the Web site?

Remember: the definition of a Web Application in UAG is a combination of the Web server, the port and the path. Web application access is dependent on endpoint policy, authentication, and authorization. So you can certainly implement a solution where you prompt for authentication for some pages but not for others, even if they are all hosted on the same server.

The first step is to create a trunk that does not require authentication. Instructions for creating a trunk are here. Note that you’ll have to first create a trunk that requires authentication, and then modify its properties afterwards, so that it does not require authentication. Add your applications to the trunk, using these properties:

Application 1:

  • Type: Other Web Application
  • Web Server address and ports
  • Path(s) to the portion of the Web site not requiring authentication, for example, /news
  • No Authentication required

Application 2:

  • Type: Other Web Application (same as Application 1)
  • Web Server address and ports (same as Application 1)
  • Path(s) to the portion of the Web site that does require authentication, for example, /secret
  • Authentication required

Having implemented this, when a user requests /news, he will not be prompted to authenticate, but when he chooses /secret, he will be required to authenticate.

Take note that trunk applications are evaluated in the order in which they appear in the trunk’s Applications List Box, so make sure that the application requiring authentication (Application 2 in our case) appears first in the list.
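
Added example, not part of the original post and not UAG's own code: a simplified first-match model of the ordering rule, assuming applications match by path prefix on whole segments. The "Whole site" application and its `/` path are hypothetical; the example goes beyond the post's two disjoint paths to show an anonymous application listed first shadowing `/secret`.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    name: str
    path: str            # path prefix published by the application
    requires_auth: bool

def covers(prefix: str, path: str) -> bool:
    """True if `path` falls under `prefix`, compared on whole path segments."""
    prefix = prefix.rstrip("/")
    return prefix == "" or path == prefix or path.startswith(prefix + "/")

def first_match(apps, path):
    """Assumed model: the first application in list order that covers `path` wins."""
    return next((a for a in apps if covers(a.path, path)), None)

def shadowed(apps):
    """Authenticated apps whose path is already claimed by an earlier anonymous app."""
    findings = []
    for i, app in enumerate(apps):
        if not app.requires_auth:
            continue
        for earlier in apps[:i]:
            if not earlier.requires_auth and covers(earlier.path, app.path):
                findings.append((app.name, earlier.name))
                break
    return findings

# Constructed sample data using the post's example paths.
NEWS = App("Application 1", "/news", False)
SECRET = App("Application 2", "/secret", True)
WHOLE_SITE = App("Whole site", "/", False)   # hypothetical anonymous application

GOOD = [SECRET, NEWS]        # authenticated application listed first, as advised
BAD = [WHOLE_SITE, SECRET]   # anonymous application listed first and overlapping

if __name__ == "__main__":
    for label, apps in (("GOOD", GOOD), ("BAD", BAD)):
        hit = first_match(apps, "/secret/report.html")
        print(label, "->", hit.name, "| auth required:", hit.requires_auth,
              "| shadowed:", shadowed(apps))
```
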

Authors:
Pradeep Bethi, Technical Solution Professional
Nathan Bigman, Content Publishing Manager

Reviewer:
Meir Feinberg, Technical Writer