Providing Granular Anonymous Access to Web Sites

A common question for UAG administrators is, can I provide anonymous access to a Web site, but require and prompt for authentication when a user clicks a link to access a specific part of the Web site?

Remember: the  definition of a Web Application in UAG is a combination of the Web server, the port and the path. Web application access is dependent on endpoint policy, authentication, and authorization. So you can certainly implement a solution where you prompt for authentication for some pages but not for others, even if they are all hosted on the same server.

The first step is to create a trunk that does not require authentication. Instructions for creating a trunk are here. Note that you’ll have to first create a trunk that requires authentication, and then modify its properties afterwards, so that it does not require authentication. Add your applications to the trunk, using these properties:

Application 1:

  • Type: Other Web Application
  • Web Server address and ports
  • Path(s) to the portion of the Web site not requiring authentication, for example, /news
  • No Authentication required

Application 2:

  • Type: Other Web Application (same as Application 1)
  • Web Server address and ports (same as Application 1)
  • Path(s) to the portion of the Web site that do require authentication, for example, /secret
  • Authentication required

Having implemented this, when a user requests /news, he will not be prompted to authenticate, but when he chooses /secret, he will be required to authenticate.

Take note that trunk Applications are evaluated on the basis of the order they appear in the trunk’s Applications List Box, so make sure that the application requiring authentication (Application 2 in our case) appears first in the list.

Pradeep Bethi, Technical Solution Professional
Nathan Bigman, Content Publishing Manager

Meir Feinberg, Technical Writer

Comments (1)

  1. Morten Andreasen says:

    Dear UAG Team

    What would you do if you did not have a list of paths that required authentication?

    I my case my application (SharePoint 2010) should determin whether the user should be promted for credentials, or not.

    Is there a way to have the UAG server redirect to a authenticated only trunk in case of 401?

Skip to main content