Thanks Tom, I sure appreciate your input. I agree basic authentication without SSL can create a security problem. I will review the documentation at the isaserver site. Thanks again. Regards, Sam -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, February 18, 2004 12:53 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Authentication http://www.ISAserver.org Hi Sam, Remember, you cannot authenticate at both the ISA firewall and the Web site. If the Web site requires credentials, then you must not force authentication at the Web Publishing Rule. In general, its far more secure to authenticate at the firewall instead of the Web site. If you are using SSL, then you can use delegation of basic authenticaton, but I would not recommend it if you are not using SSL. If you do want to authenticate at both places, then you need to authenitcate with the ISA firewall using a client certificate (user certificate) and then authenticate with the Web site. Tons of info on how to do this over at www.isaserver.org and in the ISA Server 2000 deployment kits. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] Sent: Wednesday, February 18, 2004 1:43 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Authentication http://www.ISAserver.org Thanks Shawn, I was able to get it to work by selecting the basic authentication option and select the appropriate domain under the incoming web requests tab. This option only works by using the basic authentication. There is already a client set but it is IP based (Client set = domain computers). In this scenario I don't see where you can create a group of users (client set) and then apply a rule to the client set. Thanks Sam -----Original Message----- From: Quillman Shawn (RBNA/CSA1) [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Tuesday, February 17, 2004 9:23 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Authentication http://www.ISAserver.org You have to also allow access through the ISA. Just because it's prompting doesn't mean you're allowed. Create User/Client sets and then create rules (S&C) to permit those sets. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Sam Chapman [mailto:adminone@xxxxxxxxxxx] Sent: Tuesday, February 17, 2004 12:11 PM To: [ISAserver.org Discussion List] Subject: [isalist] Authentication http://www.ISAserver.org Hi all, I am testing a web server behind ISA and can't figure out why when I select the option to ask unauthenticated users for identification, under the "Incoming web requests" tab I am unable to access the web server even though I used the administrator username and password. I keep getting the same prompt which asks me for a username and password as if my credentials are wrongs. I have tried different domain usernames and passwords and was unable to get authenticated. Only when I remove the check mark from the option to ask for authentication that I am able to browse the server pages. Any ideas? Thanks! Sam ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adminone@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adminone@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')