RE: Secure site not secured
- From: "Shayne Lebrun" <slebrun@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 20 Aug 2001 15:59:01 -0400
Note that Integrated Auth does seem to work using IE 5.5 through ISA.
-----Original Message-----
From: Smith, Carl [mailto:CWSmith@xxxxxxxxxxxx]
Sent: Monday, August 20, 2001 3:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Secure site not secured
http://www.ISAserver.org
Answer to my own question:
<http://support.microsoft.com/support/kb/articles/Q198/1/16.ASP?LN=EN-US
%26SD=gn%26FR=0%26qry=challenge%20response%20proxy%26rnk=4%26src=DHCS_MS
PSS_gn_SRCH%26SPR=PRS>
http://support.microsoft.com/support/kb/articles/Q198/1/16.ASP?LN=EN-US&;
SD=gn&FR=0&qry=challenge%20response%20proxy&rnk=4&src=DHCS_MSPSS_gn_SRCH
&SPR=PRS
When a proxy server is inserted into the system, between the Web browser
and the Web publishing server, NTLM authentication between the client
browser and the WEB publishing server will no longer work. In fact any
authentication method relying on implicit end-to-end state (such as
NTLM) will cease working.
The HTTP 1.1 specification states that all state is hop-by-hop only.
End- to-end state can be achieved using a cookie or some other token
distinct from HTTP. The most obvious symptom of this failing is client
browsers receiving a message about authentication failure, such as
"Access Denied."
Because the HTTP headers for proxy authentication are different from
those for Web server authentication, it is possible to enable Basic
authentication to the proxy and also do Basic authentication between a
client browser and a Web publishing server while connecting through a
Microsoft Proxy Server computer. Microsoft Internet Explorer supports
this configuration.
In summary, Basic authentication does not require an implicit end-to-end
state, and can therefore be used through a proxy server. Windows NT
Challenge/Response authentication requires implicit end-to-end state and
will not work through a proxy server.
Thanks -- Carl W. Smith
Enterprise Internet Services/Aegon Technology Services
(319) 398-7954 - Desk
(319) 533-1714 - NexTel
cwsmith@xxxxxxxxxxxx
-----Original Message-----
From: Smith, Carl
Sent: Monday, August 20, 2001 2:37 PM
To: [ISAserver.org Discussion List]
Subject: Secure site not secured
Ok, I'm having a brain drain here trying to figure this out,
however I'm not having a good enough answer appear to me. We have a
website that is secure, however when accessed through the proxy server
(All proxy servers, CSM, MS Proxy 2.0, ISA PROXY & Netscape proxy) it is
not secure. The site is on the internal network, and when we place the
site in the exception, everything works. However when going through the
proxy servers, the site is not secure.
The site is has a SSL certificate and uses NT challenge response
for authentication to the site. Stumped, any ideas?
Thanks -- Carl W. Smith
Enterprise Internet Services/Aegon Technology Services
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
slebrun@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
