Discussion:
Authenticating ISA access on IIS
f***@gmail.com
2007-06-13 13:39:30 UTC
Hello,
I have an internal web site hosted on IIS that I would like to make
accessible to some external users through ISA.
ISA itself will take care of the user authentication.

However, I want the following:
1. ISA itself "authenticates" against IIS, that is, I want the
web site to be confident that requests are coming from the proxy and not
from someone else on the intranet.
(Ideally, the ISA proxy should be a user in our organization's domain and
authenticate against IIS using NTLM)
2. ISA passes some extra data to the web site, e.g. the name of the
authenticated user.
(Ideally it should add some headers, but the added headers should be
dynamically based on the requesting user)

Is it possible? How?

Thanks,
Federico
Jim Harrison (ISA SE)
2007-06-13 18:55:59 UTC
This might help you:
http://www.microsoft.com/technet/isa/2006/authentication.mspx
--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.



f***@gmail.com
2007-06-14 15:29:26 UTC
On 13 Jun, 20:55, "Jim Harrison (ISA SE)"
Post by Jim Harrison (ISA SE)
This might help you: http://www.microsoft.com/technet/isa/2006/authentication.mspx
I've read it,
but if I am not mistaken, it is about authenticating users through
ISA ("authentication delegation").

This is my scenario:
1. clients are external to the organization's intranet: they will be
authenticated against ISA itself (they are not members of the
organization's domain); IIS won't be able to authenticate them
2. ISA itself should authenticate against IIS as a member of our
organization's domain, ideally using NTLM.

Thanks,
Federico
Jim Harrison (ISA SE)
2007-06-18 21:33:39 UTC
That document outlines ISA 2006 authentication in total.
A lot of time is spent on delegation, since this tends to be the least
understood concept in this area.
The only way ISA can authenticate as a user other than that presented to ISA
is in the web publishing "use a certificate" option.
The ISA help covers this as well.
--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
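
An added illustration of the "use a certificate" option from the reply above, seen from the IIS side (not part of the original thread and not Microsoft's code): an ASP.NET module that accepts a proxy-asserted user name only when the request arrived with the proxy's client certificate. It assumes the site requires SSL with client certificates; the thumbprint is a placeholder and the `X-Proxy-User` header name is hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Web;

// Added example: rejects any request that did not come from the publishing proxy.
public class ProxyCertGateModule : IHttpModule
{
    // Placeholder: thumbprint of the certificate issued to the proxy (assumption).
    private const string ProxyThumbprint = "<PROXY-CERT-THUMBPRINT>";
    // Hypothetical header in which the proxy passes the user it authenticated.
    private const string UserHeader = "X-Proxy-User";

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticate;
    }

    private static void OnAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpClientCertificate cert = ctx.Request.ClientCertificate;

        // No certificate, one IIS could not validate, or someone else's
        // certificate: the caller is an intranet host, not the proxy.
        if (!cert.IsPresent || !cert.IsValid || !IsProxy(cert)) { Deny(ctx); return; }

        // Only now is the header trustworthy; any intranet client could forge it.
        string user = ctx.Request.Headers[UserHeader];
        if (string.IsNullOrEmpty(user)) { Deny(ctx); return; }

        ctx.User = new GenericPrincipal(
            new GenericIdentity(user, "ProxyAsserted"), new string[0]);
    }

    private static bool IsProxy(HttpClientCertificate cert)
    {
        var presented = new X509Certificate2(cert.Certificate);
        return string.Equals(presented.Thumbprint, ProxyThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    private static void Deny(HttpContext ctx)
    {
        ctx.Response.StatusCode = 403;
        ctx.ApplicationInstance.CompleteRequest();
    }

    public void Dispose() { }
}
```

The module has to be registered in the site's web.config before it runs; checking the certificate before reading the header is the point, since the header alone proves nothing about who sent the request.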



Deepak Prince
2010-12-01 05:32:09 UTC
Hi Federico,

Did you get a fix to this issue? I am facing a similar issue here and have been unable to find a fix so far, despite trying out the hotfixes recommended in the Microsoft KB articles.

Thanks,
Deepak