Re: Web Proxy Authentication Questions
- From: "Greg" <GregBrady@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 21 Oct 2002 11:56:55 -0400
Marc
Thanks for your responses. Unfortunately, it doesn't really shed any light.
>>-Why do users get a logon prompt when a site is denied, but not when it is
redirected?
> Because when it´s redirected it´s not denied. Since it´s not denied, there
> should be no prompt for authentication.
That's exactly my question. If the site is denied, why is there a prompt?
Outgoing web requests are authenticated -usernames are recorded in the web
logs - so the proxy service knows whose session it is. And if a site is
denied to everyone, then a prompt adds no value anyway.
>>-If the site&Content rules deny AnyRequest (including anonymous), then why
do we get login prompts at all (there is no >>reason for the web proxy to
require authentication for denied sites)?
> This is a problem with ISA. You saw article Q297324, right?
> Did you do it? Restarted ISA?
> It should work. Then you won´t be getting this login prompts anymore.
Q297324 rid the recurring logon prompts when opening any allowed site, but
NOT when browsing denied sites.
>>-If I turn off Reject http requests from firewall and securenat clients,
are http requests from firewall clients subject to the >>deny rules in the
site & content rules, and if so, why no prompts?
> Yes. It seems that when you´re using FWC, ISA has no problem identifying
> your credentials.
> I use the "Send to requested Web Server" option.
Unfortunately, that doesn't use the web proxy service - not in the web log
and no caching.
----- Original Message -----
From: "Mark" <marcoswelker@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, October 21, 2002 10:08 AM
Subject: [isalist] Re: Web Proxy Authentication Questions
> http://www.ISAserver.org
>
>
> -Why do users get a logon prompt when a site is denied, but not when it is
> redirected?
> Because when it´s redirected it´s not denied. Since it´s not denied, there
> should be no prompt for authentication.
>
> -If the site&Content rules deny AnyRequest (including anonymous), then why
> do we get login prompts at all (there is no reason for the web proxy to
> require authentication for denied sites)?
> This is a problem with ISA. You saw article Q297324, right?
> Did you do it? Restarted ISA?
> It should work. Then you won´t be getting this login prompts anymore.
>
> -If I turn off Reject http requests from firewall and securenat clients,
> are http requests from firewall clients subject to the deny rules in the
> site & content rules, and if so, why no prompts?
>
> Yes. It seems that when you´re using FWC, ISA has no problem identifying
> your credentials.
> I use the "Send to requested Web Server" option.
>
> Hope this helps.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
gregbrady@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
