Customers often like the convenience of not having to enter credentials when using the internal URL, but they do not like having two URLs to use. As a result, we are tasked with providing a solution to this dilemma. Back in the days of ADFS 2.0, we could easily handle this with a much simpler tweak in IIS on the ADFS server. Unfortunately, because newer versions of ADFS no longer use IIS as their backbone, this is no longer an option, and a URL Rewrite rule must now be implemented on the CRM/D365 server. Here’s how:
1. Open IIS on the CRM/D365 Front End (web) Server and go to the URL Rewrite module of the CRM Website.
2. Click the link to “Add Rule(s)” and just select “Blank Rule” under Inbound rules.
3. Give the rule an applicable name and, in the Match URL section, leave both the “Requested URL” and “Using” fields as their defaults (shown in screen capture). In the “Pattern” field, type (.*).
4. This is where it gets fun. In the Conditions section, you will add three conditions in the order shown below.
a. For the first condition, change “crmorgname” to the actual name of your organization.
b. For the second condition, change the pattern to match your internal IP range.
c. Enter the third condition exactly as shown, with no changes: ([^\.]*)\.(.*)
5. In the Action section, change the “Action type” to “Redirect” and for the Redirect URL enter your internal CRM/D365 URL followed by the syntax shown in the screenshot. Leave “Append query string” checked and set the Redirect type to “Permanent (301)”.
6. Apply the URL Rewrite rule and test it by going to the external URL from a machine on your network whose IP address matches the ranges specified. If everything was set up correctly, the external URL will redirect to the internal URL and pass-through authentication will occur.
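
The pattern entered in step 4b decides which clients are sent to the internal URL, so it is worth checking against sample addresses before the test in step 6. The following is an added example, not part of the original article, written for Node.js because URL Rewrite's default pattern syntax is ECMAScript regular expressions. It assumes the condition is tested against the client address (for example {REMOTE_ADDR}) and an internal range of 10.1.0.0/16; cidrToPattern, auditPattern and every address are constructed for illustration.

```javascript
// Added example: build and audit a step 4b client-address pattern.
// Every range, pattern and address here is a constructed sample.

const OCTET = "(?:25[0-5]|2[0-4]\\d|1?\\d?\\d)"; // one octet, 0-255

// Build an anchored, dot-escaped pattern for an octet-aligned CIDR (/8, /16, /24).
function cidrToPattern(cidr) {
  const [base, bits] = cidr.split("/");
  const prefix = Number(bits);
  if (![8, 16, 24].includes(prefix)) {
    throw new Error("only /8, /16 and /24 are handled in this sketch");
  }
  const fixed = base.split(".").slice(0, prefix / 8); // octets that must match exactly
  const free = Array(4 - fixed.length).fill(OCTET);   // octets that may vary
  return "^" + fixed.concat(free).join("\\.") + "$";
}

// Return every sample address the pattern classifies differently from what was intended.
function auditPattern(pattern, samples) {
  const re = new RegExp(pattern, "i"); // URL Rewrite conditions ignore case by default
  return samples.filter((s) => re.test(s.ip) !== s.internal).map((s) => s.ip);
}

// Constructed samples for the assumed internal range 10.1.0.0/16.
const SAMPLES = [
  { ip: "10.1.4.20", internal: true },
  { ip: "10.1.200.7", internal: true },
  { ip: "10.10.4.20", internal: false },   // neighbouring subnet
  { ip: "110.1.4.20", internal: false },   // contains "10.1." as a substring
  { ip: "210.101.4.20", internal: false }, // contains "10.10", which an unescaped dot accepts
  { ip: "203.0.113.10", internal: false }, // documentation range (RFC 5737)
];

const loose = "10.1.";                       // unanchored, dots not escaped
const strict = cidrToPattern("10.1.0.0/16"); // anchored, dots escaped

console.log("loose misclassifies: ", auditPattern(loose, SAMPLES));
console.log("strict misclassifies:", auditPattern(strict, SAMPLES));
console.log("pattern for the condition:", strict);
```

Node only stands in for the URL Rewrite engine here, so re-check the generated pattern with the “Test pattern” button in the condition dialog before applying the rule.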