You can authenticate users in Forefront Unified Access Gateway (UAG) using WINHTTP authentication.

The WINHTTP authentication scheme checks users' credentials as follows:

WINHTTP authentication flow

The following figure illustrates the authentication process users pass through when the WINHTTP authentication scheme is implemented.

WINHTTP Authentication Flow

The flow allows for three login attempts, after which login failure is final. The actual number of login attempts users are allowed is configurable.