Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
When does Integrated Windows auth break?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
When does Integrated Windows auth break? - 1.Oct.2003 7:39:00 PM
|
|
|
asutherland
Posts: 51
Joined: 23.Jan.2003
From: Nelson, B.C.
Status: offline
|
Extracted from p. 769 of ISA and Beyond "It does not work with a firewall..." -
1. ?Which firewall the client's outbound firewall or the inbound ISA server? I'm assuming that it means the receiving proxy ISA server, as it is doing reverse proxy to the Exchange server and can't authenticate the client on behalf of the Exchange IIS server at the firewall.
2. When does Integrated Windows Authentication break for inbound via internet OWA? Many of my test cases with OWA publishing, without SSL, where Integrated is turned on at the Exchange IIS are working when I expect them to fail.
3. Extracted from Microsoft KB article:
"When a proxy server exists between the Web browser and the Web server, Integrated Windows Authentication between the client browser and the Web server is not possible"
?Does the MS KB article mean the proxy server that exists between the web browser and the published server is the ISA server? Or some other outbound Proxy server that the web browser might encounter to get outbound access to the Internet?
4. If Windows Authentication is turned on at the
IIS/Exchange Server as an alternative authentication - the client IE 5.5+ browser negotiates Windows Integrated and user will be prompted for ID, PW and Domain and browser will not fall back to a lower authentication - Basic.
a) ?Therefore, for the OWA publishing to work for LAN and Internet IE clients through ISA, only Basic authentication should be turned on for the Web sites (and SSL added for securing passwords and encrypting the tunnel)?
b) ?Then the LAN clients can't used cached credentials and will be prompted for ID/PW with Basic?
Scenario:
Web browser IE 5.5 or later (over Internet) connecting through ISA Server to
Web Published Outlook Web Access site (Exchange 2000/IIS5). Exchange IIS Default Web Site has Basic and Integrated ON . /Exchweb has Anon and Integrated ON, /Exchange has Basic and Integrated(for LAN and Internet clients)
thanks for clarifying this for me.
Allison
|
|
|
|
|
RE: When does Integrated Windows auth break? - 1.Oct.2003 9:22:00 PM
|
|
|
tshinder
Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
|
Hi Allison,
I could go on a long discourse, but there is only one valid answer:
basic auth with SSL.
The farther you deviate from that path, the more problems that you'll have and the more frustrated you will get.
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
