How to control access to multiple webapps behind a single virtual server using AD groups
I have a number of webapps behind a single virtual server. Access to each webapp should be granted based on group membership in an AD group.
Example:
VirtualServer1(Extranet.example.test)
Webapp1(Extranet.example.test\webapp1)
members of AD\Webapp1-access group should only have access to this webapp
Webapp2(Extranet.example.test\webapp2)
members of AD\Webapp2-access group should only have access to this webapp
Webapp3(Extranet.example.test\webapp3)
members of AD\Webapp3-access group should only have access to this webapp
What is the best way to accomplish this?
Currently, I use iRules to direct traffic based on the path\uri to the correct application pool. When I assign an Access Policy to VirtualServer1, I can control authentication based on the Landing URI variable, but once authenticated a user is able to gain access to any one of the 3 apps. It seems Access Policies are not able to be assigned dynamically via iRules. I started to test using a separate 'Internal Virtual Server' for each app but am unable to assign an HTTP profile and Access Policy to this type of Virtual Server either. What am I missing, is there a better way to accomplish this?
Thanks, Dan