Authentication Error fill-in form

Jan 17 06 12:24 am

Hi,

We have Wingate 6.1.1 running on Win2k3. We wants to edit contact information online on a website. To edit this information we change the data on a fill-in form. When we wants to save the document we get the following system message on our Wingate server: "authentication failed - user Guest om 192.0.1.26 requested Form-data;name=StreetCity" When I change the data without using Wingate everything goes fine without any error messages. We cannot edit the information when using Wingate.

I have tried to change the cache settings to cache the website and not to cache the website, both doesn't help. I have tried to give the Guest user right to see the website when the http urls contains www.pkf.com but this even doesn't work.

Two questions:
1)How can I solve this problem so that we can edit the information online on the website?

2)How is it possible that when I logon as an normal authenticated user I still get Guest message instead of the username?????

I hope you have a solution for me

Kind regards,
Michael

Jan 17 06 12:20 pm

Hi

That request that is logged looks wrong - it doesn't look like an HTTP request.

You are using NTLM correct? The log item for the Guest account means that the authentication hasn't completed yet, so WinGate still considers the user to be guest. We have had 1 other report of an issue like this which we are investigating. It is related to POST requests (form submissions) when NTLM is used in the proxy. You could probably work around this problem if you configured WinGate to allow HTTP Basic authentication instead.

Adrien

Feb 02 06 4:51 am

Hi

Some more information about this problem: When the user "Guest" is added to the policies of www proxy services and on the tab advanced I selected "Specify which request this recipients has right for" and I added an filter with criterion "HTTP URL contains PKF.COM" and saved it. I can change the value of the fill-in forms and save it. But everything is logged under the Guest user not with the name of the user who changed it? I don't want this!!

It only works when I set het default system rights by the WWW service on "Ignored" or "Maybe be used Instead". When the default system rights stands on "Must also be granted" it does not work.

But why why why is he trying to authenticated a Guest user?? I don't understand it? I have an usersgroup called "Internet Access" and all the users are members of this group and there are no restrictions on this usersgroups. The usersgroup "Internet Access" has right for the WWW services and for default system policy they have also unrestricted rights, they have rights for dns resolving and more.

Can someone tell me why Wingate tries to authenticated a Guest user instead of the authenticated user?

Yes we are using NTLM strong authentication. I use the local users/group database of windows 2003. Basic authentication does not work.

Greetings
Marco

Feb 02 06 11:18 am

When a connection is established through WinGate policies are checked.

If a policy will grant authentication without requiring the user to be identified (Such as the Guest policy for pkf.com) it will not necessarily try to identify the user. (Through NTLM negotiation, etc.)

This of course assumes that the user is not already known. I could only reproduce this case when NOT requiring authentication for the Guest User policy. As soon as I required authentication for all recipients listed it worked and authenticated as the actual user of that machine.

If you like you can email me your current policy setup (Export with Advanced Options) and I'll look through it to show you what to change.