Cisco Cisco Web Security Appliance S190 사용자 가이드

 lists advantages and disadvantages of using transparent Basic authentication and 

cookie-based credential caching. 

The Web Proxy uses a third party challenge and response system to authenticate users on the network.

The authentication process comprises these steps:

Client sends a request to the Web Proxy to connect to a web page.

Web Proxy responds with a 407 HTTP response “Proxy Authentication Required.”

Clients repeats request and includes a “Proxy-Authorization” HTTP header with an NTLM 
“negotiate” message.

Web Proxy responds with a 407 HTTP response and an NTLM “challenge” message based on the 
negotiate message from the client.

Client repeats the request and includes a response to the challenge message.

The client uses an algorithm based on its password to modify the challenge and sends the 
challenge response to the Web Proxy.

Web Proxy passes the authentication information to the Active Directory server. The Active 
Directory server then verifies that the client used the correct password based on whether or not it 
modified the challenge string appropriately.

If the challenge response passes, the Web Proxy returns the requested web page.

Additional requests on the same TCP connection do not need to be authenticated again with the Active 
Directory server.

Works with all major browsers

Authentication is associated with 
the user rather than the host or IP 
address

Each new web domain requires the entire authentication 
process because cookies are domain specific

Requires cookies to be enabled

Does not work for HTTPS requests

No single sign-on

Password is sent as clear text (Base64)