« Previous Next »

Thread: ARR proxying to a site requiring Windows (NTLM) auth fails :(

Last post 07-30-2009 4:17 PM by anilr. 3 replies.

Average Rating Rate It (5)

RSS

Page 1 of 1 (4 items)

Sort Posts:

Shortcuts

Search | Active Posts | Unanswered Posts | View all users

  • 07-30-2009, 12:20 PM

    • DrSpook
    • Not Ranked
    • Joined on 07-30-2009, 3:42 PM
    • Posts 3

    ARR proxying to a site requiring Windows (NTLM) auth fails :(

    Reply Contact

    I'm using ARR & URL_ReWrite to successfully proxy http://site/site2/* to http://site2/*, but only if site2 doesn't require windows authentication.

    Where site2 requires windows auth, my valid login credentials don't work & I get barfed out with an access denied error.

    This proxy will be used by both internal and external users, the latter coming in through ISA Server.  We've done the proxying internally rather than on ISA so that we can have single URLs that work for both internal and external users (e.g. our intranet can link to http://intranet/app1 & all users will be sent transparently to http://app1/*).

     Any info gratefully received.

     Cheers :)
    Tags:

  • 07-30-2009, 1:29 PM In reply to

    • anilr
    • Top 10 Contributor
    • Joined on 05-23-2006, 10:13 PM
    • Redmond, WA
    • Posts 2,343

    Re: ARR proxying to a site requiring Windows (NTLM) auth fails :(

    Reply Contact

    You have to make sure that http://site/site2/* only has anonymous authentication enabled (and windows auth disabled) - this way, the windows auth credentials will be passed on to the target application rather being consumed by ARR.

    Anil Ruia
    Senior Software Design Engineer
    IIS Core Server

  • 07-30-2009, 3:28 PM In reply to

    • DrSpook
    • Not Ranked
    • Joined on 07-30-2009, 3:42 PM
    • Posts 3

    Re: ARR proxying to a site requiring Windows (NTLM) auth fails :(

    Reply Contact

    Thanks for the quick response :)

     I can confirm that only anonymous auth is configured on the server doing the proxying, i.e. site1 in my example.  site2 has windows auth enabled, but the requests to http://site1/site2/* -> http://site2/* fail.

     

  • 07-30-2009, 4:17 PM In reply to

    • anilr
    • Top 10 Contributor
    • Joined on 05-23-2006, 10:13 PM
    • Redmond, WA
    • Posts 2,343

    Re: ARR proxying to a site requiring Windows (NTLM) auth fails :(

    Reply Contact

    Can you collect failed request tracing on http://site1/site2/* - you can e-mail me the logs at anil (dot) ruia (at) microsoft (dot) com

    Anil Ruia
    Senior Software Design Engineer
    IIS Core Server
Page 1 of 1 (4 items)
Microsoft Communities