Marc Thanks for your responses. Unfortunately, it doesn't really shed any light. >>-Why do users get a logon prompt when a site is denied, but not when it is redirected? > Because when it´s redirected it´s not denied. Since it´s not denied, there > should be no prompt for authentication. That's exactly my question. If the site is denied, why is there a prompt? Outgoing web requests are authenticated -usernames are recorded in the web logs - so the proxy service knows whose session it is. And if a site is denied to everyone, then a prompt adds no value anyway. >>-If the site&Content rules deny AnyRequest (including anonymous), then why do we get login prompts at all (there is no >>reason for the web proxy to require authentication for denied sites)? > This is a problem with ISA. You saw article Q297324, right? > Did you do it? Restarted ISA? > It should work. Then you won´t be getting this login prompts anymore. Q297324 rid the recurring logon prompts when opening any allowed site, but NOT when browsing denied sites. >>-If I turn off Reject http requests from firewall and securenat clients, are http requests from firewall clients subject to the >>deny rules in the site & content rules, and if so, why no prompts? > Yes. It seems that when you´re using FWC, ISA has no problem identifying > your credentials. > I use the "Send to requested Web Server" option. Unfortunately, that doesn't use the web proxy service - not in the web log and no caching. ----- Original Message ----- From: "Mark" <marcoswelker@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, October 21, 2002 10:08 AM Subject: [isalist] Re: Web Proxy Authentication Questions > http://www.ISAserver.org > > > -Why do users get a logon prompt when a site is denied, but not when it is > redirected? > Because when it´s redirected it´s not denied. Since it´s not denied, there > should be no prompt for authentication. > > -If the site&Content rules deny AnyRequest (including anonymous), then why > do we get login prompts at all (there is no reason for the web proxy to > require authentication for denied sites)? > This is a problem with ISA. You saw article Q297324, right? > Did you do it? Restarted ISA? > It should work. Then you won´t be getting this login prompts anymore. > > -If I turn off Reject http requests from firewall and securenat clients, > are http requests from firewall clients subject to the deny rules in the > site & content rules, and if so, why no prompts? > > Yes. It seems that when you´re using FWC, ISA has no problem identifying > your credentials. > I use the "Send to requested Web Server" option. > > Hope this helps. > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: gregbrady@xxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')