Re: Why unable to proxy NTLM?
From: Aaron (aza_rc_at_yahoo.com)
Date: 10/04/04
- Next message: John Flemming: "Re: How to FTP?"
- Previous message: andrew: "How do you kill the dfault password on ISS"
- In reply to: Troy: "Re: Why unable to proxy NTLM?"
- Messages sorted by: [ date ] [ thread ]
Date: 4 Oct 2004 00:16:45 -0700
One of the reasons it would be handy to be able to pass through NTLM
or Digest credentials would be so you could use the full range of
Windows authentication mechanisms on a web server.

At the moment if your client and web server are separated by a proxy
you can only use basic authentication or a custom solution. If I am
wrong here I would love to be corrected.

The reason I want to be able to pass through NTLM is a bit different.
I want to enable a customised local proxy that checks whether a GET
request can be serviced in a peer-to-peer (this is an enterprise app)
fashion before sending the request to the web server.

The app works fine when IE is configured to use it as a proxy unless
the web server requests NTLM or digest authentication. If IE gets a
request for authentication and it knows it is using a proxy, it does
not attempt to send the credentials; it just gives up on the request
(if it doesn't know it is using a proxy there are no problems getting IE
to send and the proxy to pass through the credentials).

It appears to be a design decision in IE not to send credentials to
proxies and I want to find out whether ISA is an exception to this
rule, i.e. will IE attempt to authenticate through only ISA (perhaps
if it has been authenticated to the proxy server) and no other
proxies.

Thanks,
Aaron
troy@engenetec.com (Troy) wrote in message news:<c89e8b4f.0410012155.7d06b2fb@posting.google.com>...
> I am not sure why it will not proxy NTLM. I ran into this when
> connecting to a web server in a DMZ. I had to enable basic
> authentication in order for the log in credentials to pass. I spoke
> with a high level engineer from Microsoft about this and he was
> stumped. As long as no one is capturing packets while you are
> authenticating you will be ok. In my case it was not often and it was
> behind a Pix as well so no worries. Why do you need NTLM to pass
> through? If you don't mind me asking.
>
> Troy
> MCSA MCP CIW A+ Network+ I-Net+
> http://www.engenetec.com
>
> aza_rc@yahoo.com (Aaron) wrote in message news:<2836a31b.0409300020.1fde748c@posting.google.com>...
> > Hi,
> >
> > Why can't ISA proxy NTLM requests?
> >
> > It doesn't appear to be for any technical reason. Is it instead a
> > security policy decision that has been made by Microsoft in order to
> > stop a server being able to impersonate a client?
> >
> > Thanks,
> > Aaron