Configuring X-Authenticated-User chaining

You can pass authentication details from your ISA/TMG server to the cloud proxy via a plug-in from Forcepoint LLC. This plug-in allows the cloud proxy to read the X-Forwarded-For and X-Authenticated-User headers sent by the downstream ISA/TMG server as part of a proxy chained configuration.
  X-Forwarded-For: Contains the client IP address.
  X-Authenticated-User: When ISA authentication is turned on, this header is populated with the user domain and username (domain\user).

With this setup, end users can be authenticated transparently by the cloud proxy, removing an authentication step and improving performance.
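The header formats described above can be checked on a request captured between the ISA/TMG server and the cloud proxy. The following is an added example, not Forcepoint code: the function names, the sample request, and the rule that a user value contains exactly one backslash are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: headers a chained ISA/TMG server might send upstream.
SAMPLE_REQUEST = (
    "GET http://example.com/ HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "X-Forwarded-For: 10.1.2.3\r\n"
    "X-Authenticated-User: CORP\\jsmith\r\n"
    "\r\n"
)

# Assumption: one backslash separates a non-empty domain and a non-empty user.
DOMAIN_USER = re.compile(r"[^\\\x00-\x1f]+\\[^\\\x00-\x1f]+")


def parse_headers(raw):
    """Return {lowercased name: [values]} for the header block of a request."""
    headers = {}
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def check_chaining_headers(raw):
    """Return a list of problems; an empty list means both headers look sane."""
    headers = parse_headers(raw)
    problems = []
    for name in ("x-forwarded-for", "x-authenticated-user"):
        values = headers.get(name, [])
        if not values:
            problems.append(name + ": missing")
        elif len(values) > 1:
            problems.append(name + ": appears more than once")
    xff = headers.get("x-forwarded-for", [])
    if len(xff) == 1:
        first_hop = xff[0].split(",")[0].strip()  # leftmost entry is the client
        try:
            ipaddress.ip_address(first_hop)
        except ValueError:
            problems.append("x-forwarded-for: not an IP address")
    user = headers.get("x-authenticated-user", [])
    if len(user) == 1 and not DOMAIN_USER.fullmatch(user[0]):
        problems.append("x-authenticated-user: not in domain\\user form")
    return problems
```

A repeated header is reported because it leaves it ambiguous which value the upstream proxy reads.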

Two versions of the plug-in are available, for 32-bit ISA servers and 64-bit TMG servers. Zip files for both versions are available for download:
  1. Log on to your Forcepoint website account.
  2. Select the Downloads tab.
  3. Select Forcepoint Web Security Cloud from the Product drop-down list.
  4. In the list that appears, expand TMG 64-bit plugin for Content Gateway or ISA 32-bit plugin for Content Gateway to see the download details. You will need to scroll down to older product versions to see the ISA 32-bit plug-in. Click the download link to start the download.
Install the plug-in as follows:
  1. Copy the appropriate Websense-AuthForward.dll file (for 32-bit or 64-bit) to the Microsoft ISA/TMG installation directory. The default directory for this file is C:\Program Files\Microsoft ISA Server for ISA Server, or C:\Program Files\Microsoft Forefront Threat Management Gateway for Forefront TMG.
    For the 32-bit version, install the following files in the installation directory in addition to Websense-AuthForward.dll:
    msvcp100.dll
    msvcr100.dll
  2. Open a Windows command prompt and change directory to the installation directory.
  3. From the command prompt, type
    regsvr32 Websense-AuthForward.dll
  4. Verify the plug-in was registered in the ISA/TMG management user interface (Start > Programs > Microsoft ISA Server > ISA Server Management, or Start > Programs > Microsoft Forefront TMG > Microsoft Forefront TMG Management). In the Configuration (for 32-bit) or System (for 64-bit) section, select Add-ins, then click the Web-filter tab. The WsAuthForward plug-in should be listed.
To uninstall the plug-in, run the following command in a Windows command prompt from the ISA/TMG installation directory:
regsvr32 /u Websense-AuthForward.dll