On Thu, Dec 16, 2010 at 7:51 PM, Arno Garrels <arno.garr...@gmx.de> wrote:
> Fastream Technologies wrote: > > Hello, > > > > On Thu, Dec 16, 2010 at 7:04 PM, Arno Garrels <arno.garr...@gmx.de> > > wrote: > > > >> Fastream Technologies wrote: > >>> Hello, > >>> > >>> On Thu, Dec 16, 2010 at 5:00 PM, Arno Garrels <arno.garr...@gmx.de> > >>> wrote: > >>> > >>>> Fastream Technologies wrote: > >>>>> So since we are talking about the web server, the NTLMDomain > >>>>> property should be of THttpConnection, NOT the THttpServer. In the > >>>>> OnGet/Head/PostDocument it should be set by the app coder or if it > >>>>> is not set then it will be null hence work as it is now. > >>>> > >>>>> I was talking about the web server but the client also needs some > >>>>> mechanism to indicate the NTLM domain so that it can send request > >>>>> to the web server in case of NTLM on the web server. But wait a > >>>>> minute, when there is reverse proxy sitting in front, web servers > >>>>> cannot authenticate with NTLM, can they? > >>>> > >>>> Important to know for readers was how exactly the NTLM > >>>> authentication is handled by your proxy _currently_ and in what > >>>> way you want to change that design, nobody nows that so far. > >>>> Adding a string property is a matter of two lines of code, even a > >>>> BCB developer should be able to do that in Delphi. > >>>> > >>>> > >>> You are right. When IQP receives the request, in the > >>> ProcessRequest() it scans the defined URL Rules set by the end user > >>> from top to bottom for a match to decide which target web server to > >>> route/redirect to. A URL Rule list could be like, > >>> > >>> 1. ssl://www.fastream.com/owa > >>> 2. http://www.fastream.com/path/file.htm ("URL Rule is file" flag > >>> set) > >>> 3. *://www.iqproxyserver.com [2] > >>> 4. *://www.iqproxyserver.com > >>> 5. *://* > >>> > >>> The last one must be *://* as a catch-all. We enabled 3. and 4. in > >>> the same list in from v4.5 on to let users route to different target > >>> server IP/port/path with respect to client location (country). See > >>> http://www.iqproxyserver.com (home page, bottom) for a screenshot > >>> example of this. > >>> > >>> Now, I want each URL Rule to be able to have one NTLM domain to > >>> authenticate against. > >> > >> For what reason? What does currently not work? > >> Give us an example please. > >> > >> > > Personally I never needed such feature but customers who use reverse > > proxy as SSL VPN they say they need it. > > So, the question remains "What kind of feature?". > Each URL Rule should be able to authenticate against a configurable AD domain! SZ > > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
