Helicon Tech: Proxy with Authentication

Common Questions
Helicon Tech : Common Questions

Topic: Proxy with Authentication

Author

Message

<< Prev Topic | Next Topic >>

kpalmer101
Newbie
Newbie

Joined: 16 April 2008
Location: United States
Online Status: Offline
Posts: 2

Posted: 24 April 2008 at 2:07pm \| IP Logged

This is my first attempt using ISAPI-Rewrite. I am trying to setup a portal server and use the proxy feature to send requests to several other internal servers.

I have tried several combinations of anonymous and basic authentication. I am using ISAPI-Rewrite v3,1,0,45, with IIS6 on W2K3 SP2. The only thing I can get to work is Anonymous-Anonymous. I want to authenticate domain users accounts. Authentication works when I access Server2 directly. Authentication fails when I use the ISAPI-Rewrite proxy. Most of the configurations I have tried result in a HTTP Error 401.2 in IE. When I test from Firefox if I click cancel instead of entering a username and password, I get a login prompt from Server1 first followed by a prompt from Server2.

Proxy/IIS6/Server1: Server/IIS6/Server2:

SSL, Basic Auth Basic Auth (Fails)

SSL, Anonymous Basic Auth (Fails)

SSL, Anonymous Anonymous (Success)

Client to Server1 and through ISAPI Proxy to Server2:

https://server1/test/test.html

Client Directly to Server2:

http://server2:88/test.html

Rule

RewriteProxy ^test(.*) http://server2:88$1 [NC]

Please help me find a solution. The Proxy feature looks like it benefit a large number of people.

Code:

### Server 1 (192.168.100.12-Internal IP; 192.168.100.16-Portal IP)
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-04-24 18:27:32
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-04-24 18:27:32 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 - 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:27:39 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:27:48 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:27:54 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:28:02 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:28:09 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0

### Server1 Rewrite.log
12.1.2.3 12.1.2.3 Thu, 24-Apr-2008 14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (3) applying pattern '^test(.*)' to uri 'test/kp2.html'
12.1.2.3 12.1.2.3 Thu, 24-Apr-2008 14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (1) escaping http://server2:88/kp2.html
12.1.2.3 12.1.2.3 Thu, 24-Apr-2008 14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (2) forcing proxy-throughput with /test/kp2.htmlx.rwhlp?p=0
12.1.2.3 12.1.2.3 Thu, 24-Apr-2008 14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (1) go-ahead with proxy request /test/kp2.htmlx.rwhlp?p=0 [OK]
12.1.2.3 12.1.2.3 Thu, 24-Apr-2008 14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (2) rewrite 'test/kp2.html' -> '/test/kp2.htmlx.rwhlp?p=0'
12.1.2.3 12.1.2.3 Thu, 24-Apr-2008 14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (2) internal redirect with /test/kp2.htmlx.rwhlp?p=0 [INTERNAL REDIRECT]

### Server 2 (192.168.100.22)
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-04-24 18:09:51
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-04-24 18:09:51 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:09:58 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:16:32 W3SVC87257621 192.168.100.22 GET / - 88 - 192.168.100.12 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648) 401 2 64
2008-04-24 18:16:32 W3SVC87257621 192.168.100.22 GET / - 88 - 192.168.100.12 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648) 401 2 64
2008-04-24 18:16:35 W3SVC87257621 192.168.100.22 GET / - 88 - 192.168.100.12 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648) 401 2 64
2008-04-24 18:27:32 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:27:39 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:27:47 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:27:54 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:28:02 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:28:09 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64

Thanks,

Kevin

kpalmer101
Newbie
Newbie

Joined: 16 April 2008
Location: United States
Online Status: Offline
Posts: 2

Posted: 24 April 2008 at 2:10pm \| IP Logged

I just realized this was posted to the wrong forum. This question should be under ISAPI Rewrite v3.0 support forum.

Yaroslav
Moderator Group

Joined: 15 August 2002
Online Status: Offline
Posts: 6451

Posted: 29 April 2008 at 5:51am \| IP Logged

The problem can be caused by SSL. You need to add remote certificate to the global trusted authorities on the proxy mashine in order for SSL to work.

__________________
Yaroslav Govorunov,
Helicon Tech

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

Printable version

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum