RE: Proxy Authentication



Wow, not sure what happened to my original reply. I meant to say that I got
the authentication issue fixed through a previous post on this board
regarding 502 vs 407 errors and the VBScript that I somehow cut and pasted
below. I have one more issue that I can't figure out. How do I get a
password change prompt working through ISA 2004? I have users who may have
an expired password or users whose accounts may be in "user must change
password at next login" mode. Thanks.

"Steve" wrote:

> ISA2004-neverdeny.vbs
>
> ' Standard Disclaimer:
> ' This script is purely for example purposes
> ' and should not be used by anyone, ever.
> ' It's designed for use with CSCRIPT, not WSCRIPT. So don't just double-click it unless you
> ' really enjoy being bombarded with dialog boxen.
> ' TristanK
>
> TheOnlyOneOfInterest = "Internal" ' we want to reset the internal network listener
> setting = True ' True = Enabled, False = Disabled (default)
>
> found = 0
>
> set root = CreateObject("FPC.Root")
> set firewall = root.GetContainingArray
> set networks = firewall.NetworkConfiguration.Networks
>
> for each network in networks
>     'Wscript.echo network.name
>     if TheOnlyOneOfInterest = network.name then
>         found = found + 1
>
>         Wscript.echo "Found network: " + network.name
>         network.WebListenerProperties.ReturnAuthRequiredIfAuthUserDenied = setting
>
>         ' this is pure bumf- feel free to comment it out if you don't want to be prompted
>         ' the Wscript.stdin.readline line requires the latest version of the VBScript/WSH components
>         Wscript.echo "Property Set - press Enter to Save the change."
>         Wscript.stdin.readline
>         Wscript.echo "Please wait..."
>
>         ' Commit the configuration change
>         network.WebListenerProperties.Save
>     end if
> next
>
> if found = 0 then
>     Wscript.echo "Target network was not found."
> else
>     Wscript.echo "Done."
> end if
>
> "Steve" wrote:
>
> > Appreciate any help. I'm upgrading from Proxy Server 2.0 on NT4 to ISA 2004
> > on Server 2003. Both the old and new server have only one NIC and we only
> > use the server for caching/web logging/Internet browsing control. Having
> > trouble getting authentication to work like in Proxy 2.0. I've tried to set
> > things up in ISA 2004 but can't quite get it working right. Here's what I'm
> > hoping to accomplish. I have an AD group consisting of users that are
> > allowed to browse through the proxy server. I'd like the proxy server to
> > check credentials of every client browsing through it. I'd like this to be
> > somewhat integrated, the proxy server checks credentials through the browser
> > and if the user currently logged onto the PC is in the approved group then
> > access is granted without them having to re-enter credentials. If the user
> > currently logged onto the PC is not in the group, I'd like a login screen to
> > appear prompting for credentials that must match a user in the approved
> > group. I would also like this prompt to be able to handle an expired
> > password or a password that must be changed at next login. With Proxy 2.0
> > IIS was required. I haven't installed IIS yet on Server 2003 with ISA 2004.
> > IIS was actually used on the old server to deal with the password change and
> > I'm guessing I'll need to install it on the new server?
> >
> > My approach so far has been to create a new User Set that consists of my AD
> > group. To apply the firewall allow rule to this group. Then in my Internal
> > Network in Proxy to experiment with authentication. If I turn on Integrated
> > only then the seamless passthru works for users logged onto the PC that are in
> > the allowed user set. However I get an access denied page instead of a
> > credential prompt for other users. If I turn on basic authentication only
> > then I get a prompt for everyone, even users already logged onto the PC have
> > to revalidate. If I turn on both integrated and basic then the behavior is
> > integrated, no fall back prompt to basic if the current user is not in the
> > approved group. I haven't tested the password change scenarios yet so not
> > sure if any of that functionality is in the product by default. Thanks.