X-Username is used for logging, reporting and compliance purposes. Use X-Username to log usernames at each server in a proxy chain.
Are you in a situation where you have multiple proxy servers in a chain and you
need to view/log the username at each proxy server?
Typically the username can only be logged at the point of authentication, but now
with X-Username for TMG, ISA Server and IIS you can track the username at any point
in your proxy chain.
This is ideal for log analysis when branch offices connect to the Internet via a
head office proxy server, and when the username is required on a web server for
accurate reporting and analysis.
Making forward proxy requests from TMG / ISA Server: X-Username
for TMG / ISA Server adds the X-Username field to the HTTP header
of web requests leaving the proxy server. The new field contains the username of
the user who authenticated the connection from their web browser.
Receiving forward proxy requests into TMG / ISA Server: If the
TMG / ISA Server receives a proxy request which contains the X-Username
field in the HTTP header, the filter will log the X-Username value as the username
instead of the connection account (typically anonymous) of the requesting proxy
server. Any proxy to proxy authentication is not lost, it is added to the Filter
Information field in the proxy server logs. If it is the last proxy in
a forward proxy chain the header is removed by default for security. In a reverse
proxy scenario the header is forwarded on to the published web server for processing.
Security: In a forward proxy scenario, if the TMG / ISA Server
is not configured with a web chaining rule it will not add the X-Username header,
this helps to prevent your internal user names being revealed to the Internet. NB:
You should never trust X-Username information that originates from outside of your
organisation as the field is not signed or authenticated. Use the Proxy to Proxy
authentication to prevent X-Username spoofing.
X-Username for TMG Minimum Server System Requirements:
- Windows Server 2008 R2
- TMG 2010 Standard Edition or Enterprise Edition
X-Username for ISA Server Minimum Server System Requirements:
- Windows Server 2003
- ISA Server 2004 Standard Edition or Enterprise Edition or
- ISA Server 2006 Standard Edition or Enterprise Edition
X-Username for IIS Minimum Server System Requirements:
- Native x86 and x64 support
- Windows Server 2003 with IIS 6.0 or
- Windows Server 2008 & R2 with IIS 7.0
- X-Username for TMG is compatible with multi-lingual versions of Windows
Server 2008 R2 and TMG 2010, however is only available in English.
- X-Username for ISA Server is compatible with multi-lingual versions
of Windows Server 2003 and ISA Server, however is only available in English. (Tested
on English and Spanish editions)
- X-Username for IIS is compatible with multi-lingual versions of Windows,
however is only available in English. (Tested on English, Dutch and Spanish
Product support and documentation is only available in English
X-Username for TMG / ISA Server includes:
- Runs on Forefront Threat Management Gateway 2010
- Runs on ISA Server 2006 and 2004
- 64bit and 32bit
- Forward and Reverse proxy
- Support for SSL in forward proxy scenarios
- Works with both HTTP and SSL connections for Web Publishing
- Supports proxy chains longer than two servers in both directions