Microsoft Web Application Proxy was introduced in Windows Server 2012 R2. It allows you to access web applications from outside your network and it acts as a reverse proxy and an Active Directory Federation Services proxy to pre-authenticate user access.
This guide walks you through the steps to install and configure web application proxy role on Windows Server 2016.
Web Application Proxy New Features
- Preauthentication for HTTP Basic application publishing
- HTTP Basic is the authorization protocol used by many protocols, including ActiveSync, to connect rich clients, including smartphones, with your Exchange mailbox. Web Application Proxy traditionally interacts with AD FS using redirections which is not supported on ActiveSync clients. This new version of Web Application Proxy provides support to publish an app using HTTP basic by enabling the HTTP app to receive a non-claims relying party trust for the application to the Federation Service.
- Wildcard domain publishing of applications
- To support scenarios such as SharePoint 2013, the external URL for the application can now include a wildcard to enable you to publish multiple applications from within a specific domain, for example, https://*.sp-apps.contoso.com. This will simplify publishing of SharePoint apps.
- HTTP to HTTPS redirection
- In order to make sure your users can access your app, even if they neglect to type HTTPS in the URL, Web Application Proxy now supports HTTP to HTTPS redirection.
- HTTP Publishing
- It is now possible to publish HTTP applications using pass-through preauthentication
- Publishing of Remote Desktop Gateway apps
- New debug log for better troubleshooting and improved service log for complete audit trail and improved error handling
- Administrator Console UI improvements
- Propagation of client IP address to backend applications
The following diagram explains the architectural layout of Web Application Proxy.
Web Application Proxy and Active Directory Federation Services can not be deployed on same server. You need an additional server to set up web proxy. We assume that the following services are already installed and configured accordingly.
Installing the Web Application Proxy Server Role
To begin, Open up and click
This will bring up the Certificate Import Wizard. Click
Once finished click
should open when you clicked Close. On you should see all the objects as green
Finally, its time to publish apps. In the click then
Before you move to test your published app, ask your network guy to set up 443 port redirection to WAP server on firewall to make it possible to access web applications from the external network.
Then from the external network (for example on your smartphone or a PC) from home, try to access your web link like https://rds.techsupportpk.com and the following page will show up.
You have successfully deployed Web Application Proxy in your environment.