X-Username is used for logging, reporting and compliance purposes. Use X-Username to log usernames at each server in a proxy chain.

Are you in a situation where you have multiple proxy servers in a chain and you need to view/log the username at each proxy server?

Typically the username can only be logged at the point of authentication, but now with X-Username for TMG, ISA Server and IIS you can track the username at any point in your proxy chain.

This is ideal for log analysis when branch offices connect to the Internet via a head office proxy server, and when the username is required on a web server for accurate reporting and analysis.

Making forward proxy requests from TMG / ISA Server: X-Username for TMG / ISA Server adds the X-Username field to the HTTP header of web requests leaving the proxy server. The new field contains the username of the user who authenticated the connection from their web browser.

Receiving forward proxy requests into TMG / ISA Server: If the TMG / ISA Server receives a proxy request which contains the X-Username field in the HTTP header, the filter will log the X-Username value as the username instead of the connection account (typically anonymous) of the requesting proxy server. Any proxy to proxy authentication is not lost, it is added to the Filter Information field in the proxy server logs. If it is the last proxy in a forward proxy chain the header is removed by default for security. In a reverse proxy scenario the header is forwarded on to the published web server for processing.

Security: In a forward proxy scenario, if the TMG / ISA Server is not configured with a web chaining rule it will not add the X-Username header, this helps to prevent your internal user names being revealed to the Internet. NB: You should never trust X-Username information that originates from outside of your organisation as the field is not signed or authenticated. Use the Proxy to Proxy authentication to prevent X-Username spoofing.

System requirements

X-Username for TMG Minimum Server System Requirements:

  • Windows Server 2008 R2
  • TMG 2010 Standard Edition or Enterprise Edition

X-Username for ISA Server Minimum Server System Requirements:

  • Windows Server 2003
  • ISA Server 2004 Standard Edition or Enterprise Edition or
  • ISA Server 2006 Standard Edition or Enterprise Edition

X-Username for IIS Minimum Server System Requirements:

  • Native x86 and x64 support
  • Windows Server 2003 with IIS 6.0 or
  • Windows Server 2008 & R2 with IIS 7.0

Languages:

  • X-Username for TMG is compatible with multi-lingual versions of Windows Server 2008 R2 and TMG 2010, however is only available in English.
  • X-Username for ISA Server is compatible with multi-lingual versions of Windows Server 2003 and ISA Server, however is only available in English. (Tested on English and Spanish editions)
  • X-Username for IIS is compatible with multi-lingual versions of Windows, however is only available in English. (Tested on English, Dutch and Spanish editions)

Product support and documentation is only available in English

X-Username for TMG / ISA Server includes:

  • Runs on Forefront Threat Management Gateway 2010
  • Runs on ISA Server 2006 and 2004
  • 64bit and 32bit
  • Forward and Reverse proxy
  • Support for SSL in forward proxy scenarios
  • Works with both HTTP and SSL connections for Web Publishing
  • Supports proxy chains longer than two servers in both directions

Winfrasoft Customers: