• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Question about enabling a 3rd party app to bypass ISA Server authentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Question about enabling a 3rd party app to bypass ISA Server authentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
Question about enabling a 3rd party app to bypass ISA S... - 18.Jun.2003 10:44:00 PM   
mcampisi

 

Posts: 4
Joined: 12.Jun.2003
Status: offline 		I have an isa server set to requie authentiacation for outgoing web requests acting as a proxy server. I also have a third party application that uses a web service and is not capable of using domain authenticaton. How can I make it so that we can have clients connect to the web service on the non- isa server without having the clients authenticate to the isa proxy server.
The server the web service is running on is a securenat client and the workstations are using the isa firewall client.

If we don't require authentication for outgoing requests the web service application works, but we need the authentication in order for our network monitor and filter software to function correctly.
Post #: 1
RE: Question about enabling a 3rd party app to bypass I... - 20.Jun.2003 5:29:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi M,

Do not force authentication at the outgoing Web Request listener. Then only require authenitcation for the user groups that you want to require authentication for. Don't require authentication for the machine that doesn't require auth. Not that an app CAN NOT subvert the user credentials. That wouldn't be too secure, would it? [Wink]

HTH,
Tom

(in reply to mcampisi)
Post #: 2
RE: Question about enabling a 3rd party app to bypass I... - 20.Jun.2003 10:59:00 PM   
mcampisi

 

Posts: 4
Joined: 12.Jun.2003
Status: offline 		The problem here (and I have both your books and they are great) is that we use a program called SuperScout to monitor HTTP, URL and general bandwidth traffic. If we do not force outgoing authentication in general, the program only records machine IPs instead of user names. Since 90% of this computers are going to be using DHCP, the reports are useless since we cannot verify who is who for certain if the lease expires.

Maybe my next step is to contact the manfactuers of this software to see if there is any other way to do it, but that configuration is straight out of their tech support staff.

(in reply to mcampisi)
Post #: 3
RE: Question about enabling a 3rd party app to bypass I... - 6.Apr.2004 9:29:00 PM   
Angie

 

Posts: 38
Joined: 24.Jun.2003
Status: offline
quote:
Originally posted by tshinder:
Do not force authentication at the outgoing Web Request listener. Then only require authenitcation for the user groups that you want to require authentication for. Don't require authentication for the machine that doesn't require auth.
How would you setup the server to only require authentication for the user groups?

I'm running into a similar issue with some of our clients that are on a separate workgroup (not a part of our domain). They are constantly prompted for credentials. I'd like to figure out how to allow this group of clients access without the prompts.

We are forcing authentication at the Outbound listener currently.

(in reply to mcampisi)
Post #: 4
RE: Question about enabling a 3rd party app to bypass I... - 8.Apr.2004 9:05:00 PM   
bxr222

 

Posts: 1
Joined: 8.Apr.2004
Status: offline 		Same situation here. .NET Application using web services breaks when requiring authentication on outgoing web requests. Software supplier refuses to rewrite software. We also use Surfcontrol for ISA to block and monitor web access. The report shows only IP's instead of usernames. Does anyone have a workaround for this?

(in reply to mcampisi)
Post #: 5
RE: Question about enabling a 3rd party app to bypass I... - 20.Apr.2004 10:52:00 PM   
Angie

 

Posts: 38
Joined: 24.Jun.2003
Status: offline
quote:
How would you setup the server to only require authentication for the user groups?
Anyone have any idea how to do this or where to find documentation on it?

(in reply to mcampisi)
Post #: 6
RE: Question about enabling a 3rd party app to bypass I... - 21.Apr.2004 2:32:00 AM   
acraick

 

Posts: 20
Joined: 26.Aug.2002
From: Melbourne Australia
Status: offline
quote:
Originally posted by bxr222:
Same situation here. .NET Application using web services breaks when requiring authentication on outgoing web requests. Software supplier refuses to rewrite software. We also use Surfcontrol for ISA to block and monitor web access. The report shows only IP's instead of usernames. Does anyone have a workaround for this?
You probably just need to install the proxy client on the machine that will be running this app for it to work. As long as the app is partially socks compliant it should work. If its not then its not a program that should be accessing the internet anyway.

All the proxy client does in your situation is authenticate the user to the proxy transparently via the client on the users machine so that any apps running think they are connecting directly to the internet without using an proxy authentication.

(in reply to mcampisi)
Post #: 7
RE: Question about enabling a 3rd party app to bypass I... - 21.Apr.2004 2:36:00 AM   
acraick

 

Posts: 20
Joined: 26.Aug.2002
From: Melbourne Australia
Status: offline
quote:
Originally posted by mcampisi:
The problem here (and I have both your books and they are great) is that we use a program called SuperScout to monitor HTTP, URL and general bandwidth traffic. If we do not force outgoing authentication in general, the program only records machine IPs instead of user names. Since 90% of this computers are going to be using DHCP, the reports are useless since we cannot verify who is who for certain if the lease expires.

Maybe my next step is to contact the manfactuers of this software to see if there is any other way to do it, but that configuration is straight out of their tech support staff.
There are number of good programs including surfcontrol and gfi lan guard that can plug into the ISA server and can monitor and control traffic from the same server. These allow you to control your internet access from a single point which is streamlined and also provides other advantages that 'sniffer' applications just can't.

You might want to see if you can cheaply upgrade to one of these applications that intergrates with ISA server rather than compliments it.

The only downside is cost and wether your ISA server has the grunt.

(in reply to mcampisi)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Question about enabling a 3rd party app to bypass ISA Server authentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts