You can authenticate users in Forefront Unified Access Gateway (UAG) using WINHTTP authentication.
The WINHTTP authentication scheme checks users' credentials as follows:
- You assign a URL of a Web page that requires
users to authenticate using an HTTP 401 request.
- The web server you define checks if the user
is authorized to access the requested URL. Only users that are
authorized to access the URL are considered authenticated.
WINHTTP authentication flow
The following figure illustrates the authentication process users pass through when the WINHTTP authentication scheme is implemented.
WINHTTP Authentication Flow
 Note: |
|---|
| The flow allows for three login attempts, after which login failure is final. The actual number of login attempts users are allowed is configurable. |