Integrated Windows Authentication?

Posted on 2007-10-18
Last Modified: 2008-01-09

-Integrated Windows authentication does not work over HTTP Proxy connections.
-Additional TCP ports have to be opened in the firewall.

I went to the above web site and checked that the integrated Windows Authentication does not work over HTTP Proxy connection? Why is that the case? IF I am not wrong, the proxy only there to forward the request? I mean it would be perfectly make sense to me to open additional port if required but I didn't get the idea that the IWA didn't work in the HTTP proxy connection.

any thought around this?
Question by:kecoak
    LVL 4

    Expert Comment

    The reason this doesn't work is because a trusted connection needs to be made between the client and server.  A proxy server breaks that trust and therefore it breaks IWA.  

    By "trust" it means the client can verify who the server is and the server can verify who the client is.  When you throw a proxy in the middle of it, neither of them communicate directly to each other and therefore can't develop a trust..

    Author Comment

    but if we were using NLTM, then shouldn't be no problem at all? As far as I am concerned Windows Authentication can be used either NTLM or Kerberos but even with Kerberos, this shouldn't be a problem at all.

    Can you elaborate more about the "TRUST" how does it work?

    LVL 4

    Accepted Solution

    NTLM authentication does not work through a proxy server because there needs to be a continuously open connection between the client and server for the various request and response transaction that take place with NTLM v2.  This type of connection can be done with most proxy server due to the nature of how proxy server work.

    Kerberos authentication will normally not work from outside the domain since firewalls are usually in place that block the domain controllers from the outside world.

    I hope that helps clearify.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Suggested Solutions

    Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
    It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now