Pass-through authentication

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Pass-through authentication refers to the ability of Microsoft Internet Security and Acceleration (ISA) Server to pass a client's authentication information to the destination server. ISA Server supports pass-through authentication for both outgoing and incoming Web requests.

The figure illustrates a pass-through authentication scenario.

The client sends a Get request for an object on a Web server to the ISA Server. ISA Server passes the request to the Web server. From there, the pass-through authentication works as follows:

  1. The Web server receives the Get request, and responds that authentication is required (401 error). The Web server also indicates the types of authentication that it supports.

  2. ISA Server passes the Authentication Required response to the client.

  3. The client returns authentication information to the ISA Server.

  4. The ISA Server passes the client authentication information to the Web server.

  5. From this point on, the client communicates directly with the Web server.


  • In a pass-through authentication scenario, ISA Server does not support Kerberos V5 authentication. This is because Kerberos V5 requires that the client can identify the authenticating server.