This method
is best for public Web sites that cannot enforce authentication.
Figure 12.4 Confi guring Authentication in a Web Listener
Microsoft Internet Security and Acceleration 2006 Server Publishing ??? Chapter 12 435
?– HTML Authentication This also known as Form-based Authentication.
When Microsoft Internet Security and Acceleration 2006 Server detects that
a user is not an authenticated user, a HTML form would be presented to the
user and asked for credentials.
?– HTTP Authentication The user is not prompted for credentials; instead,
it relies on the client application they use to access the published application.
For instance Internet Explorer would need to include the credential and
authentication information in the HTTP headers. The ISA server would
then extract the information from the HTTP header and authenticate
the user.
The authentication process does not actually take place on the Microsoft Internet
Security and Acceleration 2006 Server. Instead, an authentication provider does the
job. All credentials received by Microsoft Internet Security and Acceleration 2006
Server would then be forwarded to the Authentication Provider for further processing
(see Figure 12.5).
ISA Server Web Server Client
Authentication
Provider
Authentication
Request
Figure 12.5 How ISA Server Handles Authentication Requests
436 Chapter 12 ??? Microsoft Internet Security and Acceleration 2006 Server Publishing
Once a client is authenticated, the request would then be processed by the ISA
Server according to what is specifi ed in the publishing rule.
Pages:
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433