I have MWG 7 where I want to authenticate users if possible but not show the "Authentication failed" page if authentication fails.
The users can be authenticated by either MCP or NTLM but I want to make sure that even though none of these methods works the user can still surf through the proxy. The authentication is only used to make sure the username shows up in logfiles... Any idea on how to set this up?Message was edited by: nsecfredrik on 3/4/13 4:16:15 AM CST
I think you might just answered your own question!
You either can change the default action for Authentication Failure or create your own rule and disable the default one.
The problem is: if you intend to have the usernames in the access.log files, you might get some access lines without any user associaton to it.
What I'd recommend is to se if you can bypass authentication to just the people you need to.
check out the "Try Auth" rule set that comes with the products embedded library. It allows a user to authenticate and move on if authentication failed.
i tested the "Try Authentication Rulset" at a customer where MWG ist used as a proxy and additional WCCP is used.
Is this true? When using the Try authentication ruleset the property Authentication.IsAuthenticated is not filled any more?
i know, but e.g. inline NTLM authentication is not possible when using WCCP.
Finally my question is if the Authentication.IsAuthenticated property is not set when using the "Try Authentication" Ruleset.
whenever Authentication.Authenticate<Directory> results into true Authentication.IsAuthenticated should be set to true. If one of the authentication methods in the Try Auth rule sets succeeds, Authentication.IsAuthenticated becomes true.