How to Windows auth working on nginx reverse proxy ???

Ryan Malayter malayter at gmail.com
Sat Apr 10 01:50:21 MSD 2010


On Thu, Apr 8, 2010 at 2:35 PM, flapjack <nginx-forum at nginx.us> wrote:
> I config a reverse proxy to Windows IIS 6.0 (windows auth), visit windows server url is ok.
>
> Visit nginx proxy to this site tips my input pwd & username, repeat this tips input over, repeat, repeat, repeat, repeat.

It won't work at least until nginx supports backend keep-alive and
connection affinity with the front end. Right now nginx opens and
closes a connection to the back end with each request (like many
caches do). Microsoft NTLM authentication over HTTP requires that
everything happens over a single HTTP connection (in violation of many
HTTP RFCs).
See:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true

Try using digest authentication on the IIS side instead of NTLM
authentication if your infrastructure supports it. It is equally
secure, and you can use the same username and password. If you're
already using SSL, basic authentication is fine too. Both of these
options will prompt for a username and password, but you can still use
the windows username and password.

-- 
RPM



More information about the nginx mailing list