Hello everyone!
I am trying to configure the Active Roles websites to authenticate in Azure via an Azure Application Proxy, so that we can have only one IIS site and grant different authorizations depending on the site being accessed. For example, if accessing the activeroles.mycompany.com/ARWebAdmin, only a specific group is able to log in, while if accessing activeroles.mycompany.com/ARSupport, only a different group can access.
To give more context and information on the current situation:
At the moment, we have an infrastructure of Active Roles set up that performs the Windows authentication on premises (for the different Active roles Web Pages).
In order to define different authorization policies, namely, group X can only access web page X, and group Y can only access web Page Y, we created multiple IIS sites, one site for each Web Page/Site of active roles, so that we can use IIS Authorization rules to accomplish this goal. However, this obliges us to have a different URL for each site, instead of having one URL for all sites and then having multiple rules according to the path being accessed (for example, '/siteX' vs '/siteY').
We are trying to circumvent this situation by configuring an Azure Application Proxy so the authentication request would be sent to the Proxy and it could apply policies based on URL paths. Unfortunately, we are not finding success authenticating the users this way.
Has anyone managed to configure something similar?
Appreciate any help we can get. Thank you!