A common question for UAG administrators is, can I provide anonymous access to a Web site, but require and prompt for authentication when a user clicks a link to access a specific part of the Web site?
Remember: the definition of a Web Application in UAG is a combination of the Web server, the port and the path. Web application access is dependent on endpoint policy, authentication, and authorization. So you can certainly implement a solution where you prompt for authentication for some pages but not for others, even if they are all hosted on the same server.
The first step is to create a trunk that does not require authentication. Instructions for creating a trunk are here. Note that you’ll have to first create a trunk that requires authentication, and then modify its properties afterwards, so that it does not require authentication. Add your applications to the trunk, using these properties:
Having implemented this, when a user requests /news, he will not be prompted to authenticate, but when he chooses /secret, he will be required to authenticate.
Take note that trunk Applications are evaluated on the basis of the order they appear in the trunk’s Applications List Box, so make sure that the application requiring authentication (Application 2 in our case) appears first in the list.
Authors: Pradeep Bethi, Technical Solution Professional Nathan Bigman, Content Publishing Manager
Reviewer: Meir Feinberg, Technical Writer
Dear UAG Team
What would you do if you did not have a list of paths that required authentication?
I my case my application (SharePoint 2010) should determin whether the user should be promted for credentials, or not.
Is there a way to have the UAG server redirect to a authenticated only trunk in case of 401?