NTLM and Anonymous Access

NTLM and Anonymous Access Not Supported

There is currently no supported solution that allows anonymous access to Confluence while using NTLM as the authentication method for Confluence.

Unsupported Solutions Will Cause Problems

Some brave souls have suggested the following two solutions, when using Confluence with IIS. Both suggestions are unsupported and both offer problems:

• Use two ports/URls, one for anonymous users and one for NTLM users.
• Develop a custom redirection page within IIS.

(Not Supported) Using Two Ports and Two Base URLs

With this approach, you would send all anonymous users to the Tomcat port (for example, 8080) and send all NTLM users to the IIS port. If someone uses the anonymous port and tries to access content that is not available to anonymous users, they will be presented with the Confluence login page. At that point they can enter their Active Directory credentials, and are then using Active Directory integration instead of NTLM.

(Not Supported) Developing a Custom Redirection Page

With this approach everyone uses the IIS URL, and IIS is configured to allow anonymous access. Your development team would need to create a custom solution as follows:

• Create a custom page within IIS. It could be called login-redirect.aspx in the root of the IIS web. This page would examine the query string for the name 'os_destination' and perform a redirect to the value of that query string.
• In IIS, configure the above page not to allow anonymous access.
• Modify the confluence\login.vm file to redirect to to the custom page created above (login-redirect.aspx). It would pass along the 'os_destination' query string value'.