adrien wrote: Hi
so you're trying to test client cert based auth? You didn't mention certs before now, and I had to analyse your scripts to see you were trying to do Basic auth.
We don't have any scripts for this, haven't been asked for such things before.
For cert-based auth, you shouldn't put authorization headers in (such as auth Basic), just use a client cert that the WinGate server will trust, where the UPN in the certificate matches the user principal name on an account. The UPN (user principal name) is stored in the Subject Alternative Name field in the certificate, with the OID szOID_NT_PRINCIPAL_NAME ("1.3.6.1.4.1.311.20.2.3").
If you tried using a cert without this extension, the AD user database should have logged a warning, so check your logs.
It will also fail auth if the cert is revoked or the cert failed validation (isn't trusted somehow, or fails in some other way, e.g. expires). These are all logged.
You can use a cert to auth against a user or computer account, only with the AD user database provider.
As for getting a script to use a client cert, sorry, I have no idea. Dr Google should have a few ideas though.
maybe
http://stackoverflow.com/questions/12782371/powershell-https-get-using-client-certificate-from-certsore
No, I'm not trying to use certs at all. I have used Professor BING, which has pointed to a number of PowerShell scripts that should work. I have posted two of them above. I have even gone as far as contacting a PowerShell MVP, and he agrees that all the PowerShell scripts should work and have worked for him in other environments, but none of those environments are WinGate. Hence why I'm asking for a script (PowerShell, VBS, or C#) that you have tested and know to work, in order to allow me to prove that WinGate is set up correctly.
Again, all I'm trying to prove is that WinGate is set up correctly. We have granted a user account used by the application and scripts full proxy access to the Internet. But it is getting a 407 error.
However, when I log on as that user and use IE, it tells me that it can access the internet.
Now here is the problem. While still logged on as “User account”,
using the exact same setting, and while “watching” the activity monitor, I can see that the application or either code snippet above will fail to connect to the internet with “unknown user”, but for whatever reason WinGate will fall back to the locally logged-on user and then allow the connection. This tells me that it is using the locally logged-on user instead of the proxy user account defined. Why it is falling back, I have no idea, as the code snippet above clearly only tries once to access the internet.
Additionally, I want to ensure that both HTTP and HTTPS traffic is filtered through the proxy server; from what I can tell this has been set up correctly.
As an aside, I have even tried to determine if there is a professional service for WinGate, and I have looked at the partner in Canada and a few in the US. None seem to provide this type of service.
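A diagnostic for the symptom described in this post (407 for the configured proxy account, success as the logged-on user), added here as an example and not code from the thread or from the WinGate vendor. The function name `Test-ProxyAuth`, the proxy address and the test URL are hypothetical placeholders; it sends one request with an explicit credential and one with the logged-on user's credentials, and reports which identity was sent, the final status, and the schemes the proxy offered in `Proxy-Authenticate`.

```powershell
# Added example: compare explicit proxy credentials with the logged-on user's.
# Test-ProxyAuth, the proxy address and the test URL are placeholders (assumptions).
function Test-ProxyAuth {
    param(
        [Parameter(Mandatory)] [uri] $ProxyUri,   # proxy listener, e.g. http://proxy.example.local:8080
        [Parameter(Mandatory)] [uri] $Url,        # plain-HTTP test URL
        [pscredential] $Credential                # omit to send the logged-on user's credentials
    )
    $proxy = New-Object System.Net.WebProxy($ProxyUri)
    if ($Credential) {
        # Explicit account only: do not let .NET offer the logged-on identity.
        $proxy.UseDefaultCredentials = $false
        $proxy.Credentials = $Credential.GetNetworkCredential()
        $identity = $Credential.UserName
    } else {
        $proxy.UseDefaultCredentials = $true
        $identity = "$env:USERDOMAIN\$env:USERNAME (logged-on user)"
    }
    $req = [System.Net.WebRequest]::Create($Url)
    $req.Proxy = $proxy
    $req.KeepAlive = $false        # fresh connection, so no reuse of an authenticated one
    $status = $null
    $offered = @()
    try {
        $resp = $req.GetResponse()
        $status = [int]$resp.StatusCode
        $resp.Close()
    } catch {
        # PowerShell may wrap the .NET exception; unwrap to the WebException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }   # not an HTTP-level failure
        $status  = [int]$ex.Response.StatusCode          # 407 = proxy rejected the credentials
        $offered = @($ex.Response.Headers.GetValues('Proxy-Authenticate'))
        $ex.Response.Close()
    }
    [pscustomobject]@{
        Identity       = $identity
        Status         = $status
        SchemesOffered = ($offered -join '; ')
    }
}

$cred = Get-Credential   # the proxy account the application is configured with
Test-ProxyAuth -ProxyUri 'http://proxy.example.local:8080' -Url 'http://example.com/' -Credential $cred
Test-ProxyAuth -ProxyUri 'http://proxy.example.local:8080' -Url 'http://example.com/'
```

A 407 on the first call together with a 200 on the second reproduces the behaviour described above, and `SchemesOffered` shows which authentication schemes the proxy is asking for, which can be compared against the form in which the account name is being sent.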