I have three web applications sitting behind an IIS server configured as a reverse proxy. I would like to authenticate users using 'Windows Authentication' (since our only users are intranet users) and I would prefer to only authenticate them once to the reverse proxy server, but have at least an authenticated username available to my .NET MVC controllers on the back end for authorization.
The problem is that the NTLM protocol is not really designed to do this. As I have looked into the problem, I have frequently come across descriptions of the 'double hop problem'.
I'm open to any suggestions you may have, including suggestions on where or how to authenticate.