Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Web publishing rule processing

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Web publishing rule processing Page: [1]
Login
Message << Older Topic   Newer Topic >>
Web publishing rule processing - 20.Mar.2007 1:35:17 PM   
55west

 

Posts: 5
Joined: 20.Mar.2007
Status: offline 		How can I publish a HTTPS site that first authenticates by IP and if the IP is not allowed then to authenticate via HTML form? I can achieve this by using two different listeners but I would really like to use one (or at least one IP address that clients connect to).

We had this setup on our ISA2000 box. Any suggestions?
Post #: 1
RE: Web publishing rule processing - 20.Mar.2007 7:00:35 PM   
mylo

 

Posts: 138
Joined: 26.Mar.2002
Status: offline 		I'm not quite sure I follow you 100% but....

..publish a HTTPS site that first authenticates by IP.. you mean limit access thru ISA to specific address(es)/clients? you could alway use client certs and then fallback to a secondary authentication (not forms tho)

Regards,
Mylo

(in reply to 55west)
Post #: 2
RE: Web publishing rule processing - 21.Mar.2007 12:44:18 PM   
55west

 

Posts: 5
Joined: 20.Mar.2007
Status: offline 		We are using the ISA server in a reverse proxy scenario. We would like to authenticate connecting clients via IP first then authenticate by username/password if their IP address is not allowed.

(in reply to mylo)
Post #: 3
RE: Web publishing rule processing - 22.Mar.2007 9:50:48 AM   
mylo

 

Posts: 138
Joined: 26.Mar.2002
Status: offline 		Hmm.. you're going to have problems because strictly speaking identification of an IP address does not qualify as a form of authentication... you can apply a rule to a given source but this is not what you're after... the only conditional access that I can think that can apply here with a web listener is where you allocate a client certificate to a given client (which isn't exactly precise) and then degrade authentication to something like basic authentication when the client fails to or doesn't support this form of authentication. Of course this doesn't meet your HTML form requirement.

Can you elaborate a bit more on the how and the why?

Regards,
Mylo

(in reply to 55west)
Post #: 4
RE: Web publishing rule processing - 22.Mar.2007 12:17:05 PM   
55west

 

Posts: 5
Joined: 20.Mar.2007
Status: offline 		 
I don't mean we are "authenticating ip" but rather certain IP ranges are allowed through. Our application has it's own login screen so customers with allowed IP's are still required to login. However, we have several customers that also work from home. Since maintaining their home IP's is diffuclt and unmanageable we would like to pre authenticate them with a forms-based screen instead.

Now the trick is how can we achieve both but with only one external IP (listener)?

(in reply to mylo)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Web publishing rule processing Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts