This forum has been moved here:
Helicon Tech Community Forum

  Active TopicsActive Topics  Display List of Forum MembersMemberlist  HelpHelp   RegisterRegister  LoginLogin
Common Questions (Forum Locked Forum Locked)
 Helicon Tech : Common Questions
Subject Topic: Proxy with Authentication (Topic Closed Topic Closed)
Author
Message |
kpalmer101
Newbie


Joined: 16 April 2008
Location: United States
Posts: 2
Posted: 24 April 2008 at 2:07pm  

This is my first attempt using ISAPI-Rewrite. I am trying to setup a portal server and use the proxy feature to send requests to several other internal servers.

I have tried several combinations of anonymous and basic authentication. I am using ISAPI-Rewrite v3,1,0,45, with IIS6 on W2K3 SP2. The only thing I can get to work is Anonymous-Anonymous. I want to authenticate domain users accounts. Authentication works when I access Server2 directly. Authentication fails when I use the ISAPI-Rewrite proxy. Most of the configurations I have tried result in a HTTP Error 401.2 in IE. When I test from Firefox if I click cancel instead of entering a username and password, I get a login prompt from Server1 first followed by a prompt from Server2.

Proxy/IIS6/Server1:     Server/IIS6/Server2:

SSL, Basic Auth          Basic Auth     (Fails)

SSL, Anonymous         Basic Auth     (Fails)

SSL, Anonymous         Anonymous    (Success)

Client to Server1 and through ISAPI Proxy to Server2:

https://server1/test/test.html

Client Directly to Server2:

http://server2:88/test.html

Rule

RewriteProxy ^test(.*) http://server2:88$1 [NC]

Please help me find a solution. The Proxy feature looks like it benefit a large number of people.

Code:

### Server 1 (192.168.100.12-Internal IP; 192.168.100.16-Portal IP)
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-04-24 18:27:32
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-04-24 18:27:32 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 - 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:27:39 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:27:48 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:27:54 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:28:02 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0
2008-04-24 18:28:09 W3SVC1852168087 192.168.100.16 GET /test/kp2.htmlx.rwhlp p=0 443 kpalmer 12.1.2.3 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 200 5 0

### Server1 Rewrite.log
12.1.2.3 12.1.2.3  Thu, 24-Apr-2008  14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (3) applying pattern '^test(.*)' to uri 'test/kp2.html'
12.1.2.3 12.1.2.3  Thu, 24-Apr-2008  14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (1) escaping http://server2:88/kp2.html
12.1.2.3 12.1.2.3  Thu, 24-Apr-2008  14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (2) forcing proxy-throughput with /test/kp2.htmlx.rwhlp?p=0
12.1.2.3 12.1.2.3  Thu, 24-Apr-2008  14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (1) go-ahead with proxy request /test/kp2.htmlx.rwhlp?p=0 [OK]
12.1.2.3 12.1.2.3  Thu, 24-Apr-2008  14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (2) rewrite 'test/kp2.html' -> '/test/kp2.htmlx.rwhlp?p=0'
12.1.2.3 12.1.2.3  Thu, 24-Apr-2008  14:27:30 GMT [portal.company.com/sid#1852168087][rid#19996312/initial] (2) internal redirect with /test/kp2.htmlx.rwhlp?p=0 [INTERNAL REDIRECT]

### Server 2 (192.168.100.22)
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-04-24 18:09:51
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-04-24 18:09:51 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:09:58 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:16:32 W3SVC87257621 192.168.100.22 GET / - 88 - 192.168.100.12 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648) 401 2 64
2008-04-24 18:16:32 W3SVC87257621 192.168.100.22 GET / - 88 - 192.168.100.12 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648) 401 2 64
2008-04-24 18:16:35 W3SVC87257621 192.168.100.22 GET / - 88 - 192.168.100.12 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648) 401 2 64
2008-04-24 18:27:32 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:27:39 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:27:47 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:27:54 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:28:02 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64
2008-04-24 18:28:09 W3SVC87257621 192.168.100.22 GET /kp2.html - 88 - 192.168.100.12 Mozilla/5.0+(X11;+U;+Linux+i686+(x86_64);+en-US;+rv:1.8.1.5)+Gecko/20061023+SUSE/2.0.0.5-1.1+Firefox/2.0.0.5 401 2 64

Thanks,

Kevin

Back to Top Visit kpalmer101's Homepage
 
kpalmer101
Newbie


Joined: 16 April 2008
Location: United States
Posts: 2
Posted: 24 April 2008 at 2:10pm  

I just realized this was posted to the wrong forum. This question should be under ISAPI Rewrite v3.0 support forum.
Back to Top Visit kpalmer101's Homepage
 
Yaroslav
Admin Group


Joined: 15 August 2002
Posts: 6520
Posted: 29 April 2008 at 5:51am  

The problem can be caused by SSL. You need to add remote certificate to the global trusted authorities on the proxy mashine in order for SSL to work.

__________________
Yaroslav Govorunov,
Helicon Tech
Back to Top Visit Yaroslav's Homepage
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

Printable version Printable version
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum