This article discusses best practices when you publish two or more internal Web sites that use authentication on a Microsoft Internet Security and Acceleration (ISA) Server 2004-based computer.
↑ Back to the top
We recommend that you publish only one Web site for each Web listener when you use authentication on an ISA Server 2004-based computer.
We also recommend that you do not use the same external name to publish two or more internal Web sites. The internal Web site selection is based on the URL path prefix of the client. Therefore, this kind of deployment is potentially problematic. For example, the Microsoft Outlook Web Access (OWA) Forms-Based Authentication filter always prompts users to enter their logon credentials, even for connections to other virtual directories. The OWA filter does not differentiate a client request based on the URL path. Therefore, an OWA cookie may reach the wrong internal Web site.
↑ Back to the top