Something that has brought about confusion is how to configure the Web Listener in Forefront 2010 for SharePoint.
As opposed to normal websites that use some internal authentication method SharePoint requires a unique approach to how TMG listens and routes the web service.
Among these is how you configure your web listener for the SharePoint sites. This is what a typical listener property page looks like.
There are three tabs which we will concentrate on.
In this tab you would select which networks are appropriate for your SharePoint site. Since my site will be available to all networks I have all of them selected as pictured below.
This is the configuration where you will specify whether the SharePoint traffic deals with HTTP and/or HTTPS traffic. In my example I’m only using HTTP traffic.
In this particular one you want to select ‘HTTP Authentication’ with ‘Integrated’ process as pictured below.
Next click ‘Advanced…’ button on this same tab.
Make sure ‘Allow Client authentication over HTTP’ to be checked. This will allow the SharePoint normal SharePoint auth process to function for SharePoint.