Re: Web Proxy Authentication Questions
- From: "Greg" <GregBrady@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 21 Oct 2002 18:19:03 -0400
To put it in simpler terms:
1) If the web logs can determine who makes the request (with outgoing
authentication), then there is no reason for a prompt, as the service knows
whose session it is.
2) If a site is denied to ANY request, why have a prompt at all? Just
return the 407 error. And for pop-ups, don't even return that.
This isn't a terrible problem, as I am now redirecting to local page. Its
more of a "why'd they do that" question.
But thank you Mark.
Greg
----- Original Message -----
From: "Mark" <marcoswelker@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, October 21, 2002 3:26 PM
Subject: [isalist] Re: Web Proxy Authentication Questions
> http://www.ISAserver.org
>
>
> >-Why do users get a logon prompt when a site is denied, but not when it
> is
> redirected?
>
> > That's exactly my question. If the site is denied, why is there a
prompt?
>
> I see it in this way: since ISA server is redirecting you to another site
> which is not denied, then it would be like if you were going to an allowed
> site in first place. So no prompt.
>
> > Outgoing web requests are authenticated -usernames are recorded in the
web logs - so the proxy service knows whose session it is. And if a site is
> denied to everyone, then a prompt adds no value anyway.
>
> > ISA is sometimes stupid. It prompts you for authentication in a hope for
a valid credential.
>
> >>-If the site&Content rules deny AnyRequest (including anonymous), then
> why
> do we get login prompts at all (there is no >>reason for the web proxy to
> require authentication for denied sites)?
>
> >Q297324 rid the recurring logon prompts when opening any allowed site,
> but
> NOT when browsing denied sites.
>
> Q297324
> "When a destination set is configured, the client receives an HTTP 407
> error for each domain that is RESTRICTED".
>
> I mean, after you modified the registry, there were no changes?
>
>
> >>-If I turn off Reject http requests from firewall and securenat clients,
> are http requests from firewall clients subject to the >>deny rules in the
> site & content rules, and if so, why no prompts?
>
> >Unfortunately, that doesn't use the web proxy service - not in the web
> log
> and no caching.
> That´s correct. Only Firewall Service.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
gregbrady@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
