Hi, I'm currently evaluating WinGate 6.04 and a key requirement for my evaluation is for the WinGate's WWW Proxy to present a user with a browser authentication challenge dialog box (i.e. send the browser a 407 response). I haven't been able to figure out how to make this work in WinGate. I can get the WWW Proxy to work when I give the rights to use the service to everyone; but when I remove that right; and instead set it to a specific user and require the user to be authenticated; I never manage to connect. When I look at the activity log; I see a request made by the user "Guest" but authentication for that user failed (despite never being challenged for a username).
Can you help?
Thanks.
HTTP 407 Authentication challenge
Moderator: Qbik Staff
3 posts
• Page 1 of 1
HTTP 407 Authentication challenge
by naetss » Jul 19 05 5:37 pm
- naetss
- Posts: 2
- Joined: Jul 19 05 5:29 pm
by adrien » Jul 19 05 7:27 pm
hi
WinGate 6.0.4 supports authentication for proxy requests and also intercepted requests, so the first question is: are the users configured to connect to the proxy, or are they configured for NAT access?
To get WinGate to present a challenge, there are a couple of steps.
1. The policies must require that access be authenticated. This can also mean that things like the default policies must be ignored, if your default policies would also grant access.
2. For NTLM authentication, the NTLM auth option must be enabled, and you must be using the Windows user database or a remote AD user database.
We don't recommend using NTLM authentication for your clients if they are not configured to use a proxy. If the web browsers know they are talking to a proxy, they are better behaved, although there is a persistent bug in Internet Explorer where it refuses to auth to a web server that requires NTLM auth if it is going through a proxy.
Adrien
WinGate 6.0.4 supports authentication for proxy requests and also intercepted requests, so the first question is: are the users configured to connect to the proxy, or are they configured for NAT access?
To get WinGate to present a challenge, there are a couple of steps.
1. The policies must require that access be authenticated. This can also mean that things like the default policies must be ignored, if your default policies would also grant access.
2. For NTLM authentication, the NTLM auth option must be enabled, and you must be using the Windows user database or a remote AD user database.
We don't recommend using NTLM authentication for your clients if they are not configured to use a proxy. If the web browsers know they are talking to a proxy, they are better behaved, although there is a persistent bug in Internet Explorer where it refuses to auth to a web server that requires NTLM auth if it is going through a proxy.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by naetss » Jul 20 05 6:55 am
Hi Adrien, thanks for your response.
I have been able to make it work in the meantime. As you indicated; I had to indicate to WinGate that for the WWW Proxy; it must ignore the system wide privileges. Strangely enough though; for the actual user; I had to indicate that "user may be assumed", rather than "user must be authenticate". When it was set to "assumed", the browser correctly presented me with a Proxy authentication challenge; when I set it to "must authenticate"; WinGate continued to see all requests as "Guest". I tested this with both FireFox and IE.
I have been able to make it work in the meantime. As you indicated; I had to indicate to WinGate that for the WWW Proxy; it must ignore the system wide privileges. Strangely enough though; for the actual user; I had to indicate that "user may be assumed", rather than "user must be authenticate". When it was set to "assumed", the browser correctly presented me with a Proxy authentication challenge; when I set it to "must authenticate"; WinGate continued to see all requests as "Guest". I tested this with both FireFox and IE.
- naetss
- Posts: 2
- Joined: Jul 19 05 5:29 pm
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 15 guests