Export (0) Print
Expand All

Configuring WINHTTP authentication

Published: January 11, 2010

Updated: February 1, 2011

Applies To: Unified Access Gateway

This topic describes how to configure a WINHTTP authentication server on Forefront Unified Access Gateway (UAG).

The WINHTTP authentication scheme checks users’ credentials using HTTP 401 requests, as follows:

  • You assign a URL of a page that requests users to authenticate (using an HTTP 401 request).

  • The web server you define checks whether the user is authorized to access the requested URL. Only users that are authorized to access the URL are considered authenticated.

  1. In the Forefront UAG Management console, on the Admin menu, click Authentication and Authorization Servers.

  2. On the Authentication and Authorization Servers dialog box, click Add.

  3. In the Server type list, click WINHTTP.

  4. On the Add Authentication Server dialog box, configure the following server settings:

    • Server name—Name of the server or repository. This name is used when you select the server or repository during the configuration of Forefront UAG. It is also displayed to end users when they are prompted to select a server during authentication.

    • URL—URL of the page that requests users to authenticate (using an HTTP 401 request).

    • Domain—Default domain name. If you enter a domain name, it is used by default as the user’s login domain name.

    • Use a different server for portal application authorization—Applicable in portal trunks only. Select this check box to enable you to use a different server, where users and user groups are defined, for application authorization. In this case, selecting the WINHTTP server for application authorization, brings users and user groups from the associated server rather than from the WINHTTP server.

    • Select server—Click the server to use for application authorization. You can use one of the following:

      • Any of the configured authentication servers where users and user groups are defined, such as, NT Domain or Notes Directory.

      • Built-In Users/Groups—Use the computer’s Windows Local Users and Groups console. To access the console, click Launch Local Users and Groups console.

      noteNote:
      Selecting this option does not enable you to define the local computer’s Windows Local Users and Groups console as an authentication server. To define the local computer as the authentication server, select the NT Domain server-type, and enter the name of the local computer in the NT Domain field.

  5. On the Add Authentication Server dialog box, click OK, and then on the Authentication and Authorization Servers dialog box, click Close.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft