• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Proxy Authentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> General >> Proxy Authentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
Proxy Authentication - 25.Mar.2008 12:52:23 AM   
sentry

 

Posts: 4
Joined: 24.Mar.2008
Status: offline
Is it possible in ISA 2004 to get an authentication box to pop up when attempting to access the internet. The senario is we have a couple of POS computers that we don't want casual staff accessing the internet on. However when senior staff are sometimes working from these computers we would like them to be able to enter a username and password into a pop up box in Internet Explorer and be given access to the internet. I have noticed that the authentication appears to be integrated with the login account, is it possible to get around this??
Post #: 1
RE: Proxy Authentication - 25.Mar.2008 10:25:16 AM   
gbarnas

 

Posts: 155
Joined: 27.Apr.2005
From: New Jersey
Status: offline
Create a rule specific to the POS computers. Instead of your access rule being "authenticated users", create an AD group called Internet Users, add the users permitted to access the Internet from the POS systems to that group. Those users can then authenticate when needed, or have transparent access if they log on with their credentials. Other users will not be able to access the Internet from those systems at all.

Glenn

(in reply to sentry)
Post #: 2
RE: Proxy Authentication - 27.Mar.2008 4:53:40 AM   
sentry

 

Posts: 4
Joined: 24.Mar.2008
Status: offline
Hi, Thanks for the response.

I have created the specific firewall rule with only allows AD group "Internet Users" access to protocols HTTP & HTTPS. This is blocking web traffic for the login which is used on the Point Of Sale computers. However there appears to be no way of providing a different username to the proxy server without logging off the user and logging on as a different user. This isn't practical as the generic login is required for the role the computer is performing. Is there a way to get the proxy server to prompt for a username and password when the user opens internet explorer and tries to browse external web content?

(in reply to gbarnas)
Post #: 3
RE: Proxy Authentication - 27.Mar.2008 7:12:58 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
You can change the default behaviour using the following article: http://msdn2.microsoft.com/en-us/library/ms826234.aspx

This will produce an authentication prompt when users are denied access and allow an alternate user to be defined...

However, if the POS runs under the same context as the user, I cannot see how you will be able to differentiate access rules between them??? Can you not run the POS application under a speciifc user/service account to allow you to differentiate  between the POS system and the actual user logged on?

Another option is to restrict access to a specific destination set that is required for the POS system - this will allow the POS to work, but restrict access to other web sites when they share the same user ID. If the user then tries to browse to other website they will be denied and the above change should produce an authentication prompt. So in theory you will have two rules as follows:

Rule 1: Allow web access for the POS system and limit to certain destinations - this will also be applied to the logged on user if using a shared account
Rule 2: Allow web access to all other websites for senior users by using a specific group

Cheers

JJ

< Message edited by Jason Jones -- 27.Mar.2008 7:21:57 AM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to sentry)
Post #: 4
RE: Proxy Authentication - 6.Apr.2008 6:07:13 PM   
sentry

 

Posts: 4
Joined: 24.Mar.2008
Status: offline
Hi,

What is described in the msdn article is exactly what I would like to happen. However I am not a programmer, is this easy to implement or will it need some programming knowledge?

(in reply to Jason Jones)
Post #: 5
RE: Proxy Authentication - 7.Apr.2008 5:54:55 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Just copy the sample code into a .vbs file and run it

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to sentry)
Post #: 6
RE: Proxy Authentication - 8.Apr.2008 2:07:26 AM   
sentry

 

Posts: 4
Joined: 24.Mar.2008
Status: offline
Thanks Jason,

Everything is working correctly now. Thanks heaps for the help.

(in reply to Jason Jones)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> General >> Proxy Authentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts