Re: Microsoft Knowledge Base Article - 821724, a nasty one!

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 13 Jul 2003 07:32:36 -0500

Hi Jim,

OK, good. I haven't test out the scenario yet. I'll have to get the
hotfix first, and then run it. 

So, the fix just breaks basic over HTTP, which isn't a big deal. I can't
even blame my misunderstanding on the wording of the KB, because now
that I read it again, its clear:

"This hotfix permits you to control whether ISA Server requests Basic
authentication for *non-secure* incoming HTTP Web requests. If you want
ISA Server to request Basic authentication on non-secure connections,
add the following registry key"

Maybe they could put the "non-secure" entry in italics for goofballs
like me :-)

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Sunday, July 13, 2003 12:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Microsoft Knowledge Base Article - 821724, a
nasty one!


http://www.ISAserver.org


No; absotively, posilutely not.
Basic delegation is alive and well.
What's forever broken (and labeled as officially unsupported henceforce)
is Basic over HTTP for any WPR on that server if the regkey is set.

Are you saying that it broke delegation for you?
I didn't see that in my testing...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!



http://www.ISAserver.org


Hi Jim,

So, just to confirm that I have this right.

Scenaro:

1. Install Feature Pack 1

2. Configure OWA Web Publishing Rule - Require SSL for the connection in
the Web Publishing Rule

3. Configure the Web Publishing Rule to allow delegation of basic
authentication credentials

Result:
Basic credentials are protected by SSL if the request is entered correct
as HTTPS
Basic credentials are NOT protected by SSL if users messes up and enters
HTTP

4. Install Hotfix and configure the Registry per KB article

Result:
Breaks the cool delegation of basic credentials feature.

There has to be a more elegant way to solve this problem, such as a
redirect when they type http instead of https?

Thanks!
Tom


Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Saturday, July 12, 2003 9:11 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Microsoft Knowledge Base Article - 821724, a
nasty one!


http://www.ISAserver.org


Remember, too; once you set this, you can't use ANY web publishing rules
with basic credentials if the request comes in over HTTP.
Believe it or not, that was actually a request.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Han Valk" <Han.Valk@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, July 12, 2003 00:40
Subject: [isalist] Microsoft Knowledge Base Article - 821724, a nasty
one!


http://www.ISAserver.org


Hi,

Came across this one. Not pretty!!

Best regards,
Han Valk.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Microsoft Knowledge Base Article - 821724, a nasty one!
• » RE: Microsoft Knowledge Base Article - 821724, a nasty one!
• » Re: Microsoft Knowledge Base Article - 821724, a nasty one!
• » Re: Microsoft Knowledge Base Article - 821724, a nasty one!
• » Re: Microsoft Knowledge Base Article - 821724, a nasty one!
• » Re: Microsoft Knowledge Base Article - 821724, a nasty one!
• » Re: Microsoft Knowledge Base Article - 821724, a nasty one!

1. Home
2. isalist
3. Archive
4. 07-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---