Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Integrated Windows Authentication?

Posted on 2007-10-18
3
Medium Priority
?
892 Views
Last Modified: 2008-01-09
http://msdn2.microsoft.com/en-us/library/ms955939.aspx#cs_gs_security_zhsy

-Integrated Windows authentication does not work over HTTP Proxy connections.
-Additional TCP ports have to be opened in the firewall.

I went to the above web site and checked that the integrated Windows Authentication does not work over HTTP Proxy connection? Why is that the case? IF I am not wrong, the proxy only there to forward the request? I mean it would be perfectly make sense to me to open additional port if required but I didn't get the idea that the IWA didn't work in the HTTP proxy connection.

any thought around this?
0
Comment
Question by:kecoak
  • 2
3 Comments
 
LVL 4

Expert Comment

by:jasco4617
ID: 20106585
The reason this doesn't work is because a trusted connection needs to be made between the client and server.  A proxy server breaks that trust and therefore it breaks IWA.  

By "trust" it means the client can verify who the server is and the server can verify who the client is.  When you throw a proxy in the middle of it, neither of them communicate directly to each other and therefore can't develop a trust..
0
 

Author Comment

by:kecoak
ID: 20116534
but if we were using NLTM, then shouldn't be no problem at all? As far as I am concerned Windows Authentication can be used either NTLM or Kerberos but even with Kerberos, this shouldn't be a problem at all.

Can you elaborate more about the "TRUST" how does it work?


0
 
LVL 4

Accepted Solution

by:
jasco4617 earned 2000 total points
ID: 20116816
NTLM authentication does not work through a proxy server because there needs to be a continuously open connection between the client and server for the various request and response transaction that take place with NTLM v2.  This type of connection can be done with most proxy server due to the nature of how proxy server work.

Kerberos authentication will normally not work from outside the domain since firewalls are usually in place that block the domain controllers from the outside world.

I hope that helps clearify.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question