Cisco Cisco Web Security Appliance S170 사용자 가이드
20-9
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 20 Authentication
Understanding How Authentication Works
lists the possible methods of authentication for the various
authentication protocols and deployment type.
Table 20-3
Methods of Authentication
Web Proxy
Deployment
Deployment
Client to Web Security
Appliance
Appliance
Web Security Appliance to
Authentication Server
Authentication Server
Explicit forward
Basic
LDAP or NTLM Basic
Transparent
Basic
LDAP or NTLM Basic
Explicit forward
NTLM
NTLMSSP
Transparent
NTLM
NTLMSSP
The following subsections describe these methods of authentication in more
detail.
detail.
Explicit Forward Deployment, Basic Authentication
When a client explicitly sends a web page request to a Web Security appliance
deployed in explicit forward mode, the Web Proxy can reply to the client with a
407 HTTP response “Proxy Authentication Required.” This status informs the
client that it must supply valid authentication credentials to access web resources.
deployed in explicit forward mode, the Web Proxy can reply to the client with a
407 HTTP response “Proxy Authentication Required.” This status informs the
client that it must supply valid authentication credentials to access web resources.
The authentication process comprises these steps:
Step 1
Client sends a request to the Web Proxy to connect to a web page.
Step 2
Web Proxy responds with a 407 HTTP response “Proxy Authentication
Required.”
Required.”
Step 3
User enters credentials, and client application resends the original request with
the credentials encoded in Base64 (not encrypted) in a “Proxy-Authorization”
HTTP header.
the credentials encoded in Base64 (not encrypted) in a “Proxy-Authorization”
HTTP header.
Step 4
Web Proxy verifies the credentials and returns the requested web page.