RE: Authentication

  • From: "Sam Chapman" <adminone@xxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 18 Feb 2004 17:09:22 -0800

Thanks Tom, I sure appreciate your input. I agree basic authentication
without SSL can create a security problem. I will review the documentation
at the isaserver site. Thanks again.
 
Regards,

Sam




-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, February 18, 2004 12:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Authentication

http://www.ISAserver.org

Hi Sam,

Remember, you cannot authenticate at both the ISA firewall and the Web
site. If the Web site requires credentials, then you must not force
authentication at the Web Publishing Rule. In general, it's far more
secure to authenticate at the firewall instead of the Web site. If you
are using SSL, then you can use delegation of basic authentication, but I
would not recommend it if you are not using SSL.

If you do want to authenticate at both places, then you need to
authenticate with the ISA firewall using a client certificate (user
certificate) and then authenticate with the Web site. Tons of info on
how to do this over at www.isaserver.org and in the ISA Server 2000
deployment kits.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
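
Tom's caution about basic authentication without SSL, as an added example that is not part of the original thread: a Basic `Authorization` header is only base64-encoded, so the credentials are readable by anyone on the path. This Python check flags requests that carried Basic credentials over plain HTTP; the record layout, hosts and accounts are constructed assumptions.

```python
import base64
import binascii
from urllib.parse import urlsplit


def parse_basic(header_value):
    """Return (user, password) from an Authorization header, or None if not valid Basic."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None


def find_cleartext_basic(requests):
    """Flag requests that carried Basic credentials over plain HTTP."""
    findings = []
    for req in requests:
        headers = {k.lower(): v for k, v in req["headers"].items()}
        creds = parse_basic(headers.get("authorization", ""))
        if creds is None:
            continue
        if urlsplit(req["url"]).scheme.lower() != "https":
            user, password = creds
            # Report the account, never the secret itself.
            findings.append({"url": req["url"], "user": user, "password_len": len(password)})
    return findings


def _basic(user, password):
    """Build a Basic header value for the constructed samples below."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample records; hosts, accounts and passwords are made up.
SAMPLE_REQUESTS = [
    {"url": "http://www.example.test/reports", "headers": {"Authorization": _basic("EXAMPLE\\sam", "pw:with:colons")}},
    {"url": "https://www.example.test/reports", "headers": {"authorization": _basic("EXAMPLE\\sam", "pw:with:colons")}},
    {"url": "http://www.example.test/", "headers": {}},
    {"url": "http://www.example.test/ntlm", "headers": {"Authorization": "Negotiate YIIexample"}},
    {"url": "http://www.example.test/bad", "headers": {"Authorization": "Basic !!!not-base64"}},
]

if __name__ == "__main__":
    for finding in find_cleartext_basic(SAMPLE_REQUESTS):
        print(finding)
```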

 


-----Original Message-----
From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] 
Sent: Wednesday, February 18, 2004 1:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Authentication



Thanks Shawn, I was able to get it to work by selecting the basic
authentication option and selecting the appropriate domain under the
incoming web requests tab. This option only works by using the basic
authentication. There is already a client set but it is IP based
(Client set = domain computers). In this scenario I don't see where you
can create a group of users (client set) and then apply a rule to the
client set.

Thanks
Sam

-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Tuesday, February 17, 2004 9:23 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Authentication



You have to also allow access through the ISA.  Just because it's
prompting doesn't mean you're allowed.  Create User/Client sets and then
create rules (S&C) to permit those sets.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: Sam Chapman [mailto:adminone@xxxxxxxxxxx]
Sent: Tuesday, February 17, 2004 12:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Authentication



  Hi all,

I am testing a web server behind ISA and can't figure out why when I
select the option to ask unauthenticated users for identification, under
the "Incoming web requests" tab I am unable to access the web server even
though I used the administrator username and password. I keep getting the
same prompt which asks me for a username and password as if my
credentials are wrong. I have tried different domain usernames and
passwords and was unable to get authenticated. Only when I remove the
check mark from the option to ask for authentication am I able to browse
the server pages. Any ideas?

Thanks!

Sam


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

