Microsoft Internet Security and
Acceleration Server 2000
Pass-Through
Authentication
With pass-through authentication, a client can send credentials
directly to an upstream server, without sending credentials to the
local ISA Server.
In a simple scenario, the downstream ISA Server does not request
credentials at all, while the upstream server requires
authentication from the client. The process works as follows:
The client requests an object from the ISA Server.
The ISA Server routes the request to an upstream server, which
requests credentials from the client.
The client returns the credentials, by way of the ISA Server,
directly to the upstream server. The downstream ISA Server does not
access the client credentials.
Note that in this case, Web filters running on the ISA Server
will not access the credentials passed by the client to the
upstream server.
In another scenario, both the ISA Server and the upstream server
require credentials. In this case, the process works as
follows:
The client connects to the ISA Server.
The ISA Server requests credentials, as dictated by publishing
or access policy rules.
The client returns credentials to the ISA Server.
The ISA Server passes the request to the upstream server.
The upstream server requests client credentials.
The client returns credentials to the ISA Server.
The ISA Server recognizes the client as already authenticated,
and passes the credentials to the upstream server.