Note that Integrated Auth does seem to work using IE 5.5 through ISA. -----Original Message----- From: Smith, Carl [mailto:CWSmith@xxxxxxxxxxxx] Sent: Monday, August 20, 2001 3:53 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Secure site not secured http://www.ISAserver.org Answer to my own question: <http://support.microsoft.com/support/kb/articles/Q198/1/16.ASP?LN=EN-US %26SD=gn%26FR=0%26qry=challenge%20response%20proxy%26rnk=4%26src=DHCS_MS PSS_gn_SRCH%26SPR=PRS> http://support.microsoft.com/support/kb/articles/Q198/1/16.ASP?LN=EN-US&; SD=gn&FR=0&qry=challenge%20response%20proxy&rnk=4&src=DHCS_MSPSS_gn_SRCH &SPR=PRS When a proxy server is inserted into the system, between the Web browser and the Web publishing server, NTLM authentication between the client browser and the WEB publishing server will no longer work. In fact any authentication method relying on implicit end-to-end state (such as NTLM) will cease working. The HTTP 1.1 specification states that all state is hop-by-hop only. End- to-end state can be achieved using a cookie or some other token distinct from HTTP. The most obvious symptom of this failing is client browsers receiving a message about authentication failure, such as "Access Denied." Because the HTTP headers for proxy authentication are different from those for Web server authentication, it is possible to enable Basic authentication to the proxy and also do Basic authentication between a client browser and a Web publishing server while connecting through a Microsoft Proxy Server computer. Microsoft Internet Explorer supports this configuration. In summary, Basic authentication does not require an implicit end-to-end state, and can therefore be used through a proxy server. Windows NT Challenge/Response authentication requires implicit end-to-end state and will not work through a proxy server. Thanks -- Carl W. Smith Enterprise Internet Services/Aegon Technology Services (319) 398-7954 - Desk (319) 533-1714 - NexTel cwsmith@xxxxxxxxxxxx -----Original Message----- From: Smith, Carl Sent: Monday, August 20, 2001 2:37 PM To: [ISAserver.org Discussion List] Subject: Secure site not secured Ok, I'm having a brain drain here trying to figure this out, however I'm not having a good enough answer appear to me. We have a website that is secure, however when accessed through the proxy server (All proxy servers, CSM, MS Proxy 2.0, ISA PROXY & Netscape proxy) it is not secure. The site is on the internal network, and when we place the site in the exception, everything works. However when going through the proxy servers, the site is not secure. The site is has a SSL certificate and uses NT challenge response for authentication to the site. Stumped, any ideas? Thanks -- Carl W. Smith Enterprise Internet Services/Aegon Technology Services ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: slebrun@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')