Hello, Alright. Let's say there are two virtual servers, one per domain on the ICS web server. For example in OnGetDocument, you assign different TFileStream's to different FRequestHost's. I need each HTTP domain's user set to authenticate against a different AD/NTLM domain. It will be the application programmer/admin-configuration responsible for setting the NTLM domain name with respect to the FRequestHost. One future feature might be the ability to enable multiple NTLM domains per FRequestHost of which the end user would choose from by the syntax domain\user while logging in.
Best Regards, SZ On Thu, Dec 16, 2010 at 9:35 PM, Arno Garrels <arno.garr...@gmx.de> wrote: > Fastream Technologies wrote: > > On Thu, Dec 16, 2010 at 7:51 PM, Arno Garrels <arno.garr...@gmx.de> > > wrote: > > > >> Fastream Technologies wrote: > >>> Hello, > >>> > >>> On Thu, Dec 16, 2010 at 7:04 PM, Arno Garrels <arno.garr...@gmx.de> > >>> wrote: > >>> > >>>> Fastream Technologies wrote: > >>>>> Hello, > >>>>> > >>>>> On Thu, Dec 16, 2010 at 5:00 PM, Arno Garrels > >>>>> <arno.garr...@gmx.de> wrote: > >>>>> > >>>>>> Fastream Technologies wrote: > >>>>>>> So since we are talking about the web server, the NTLMDomain > >>>>>>> property should be of THttpConnection, NOT the THttpServer. In > >>>>>>> the OnGet/Head/PostDocument it should be set by the app coder > >>>>>>> or if it is not set then it will be null hence work as it is > >>>>>>> now. > >>>>>> > >>>>>>> I was talking about the web server but the client also needs > >>>>>>> some mechanism to indicate the NTLM domain so that it can send > >>>>>>> request to the web server in case of NTLM on the web server. > >>>>>>> But wait a minute, when there is reverse proxy sitting in > >>>>>>> front, web servers cannot authenticate with NTLM, can they? > >>>>>> > >>>>>> Important to know for readers was how exactly the NTLM > >>>>>> authentication is handled by your proxy _currently_ and in what > >>>>>> way you want to change that design, nobody nows that so far. > >>>>>> Adding a string property is a matter of two lines of code, even a > >>>>>> BCB developer should be able to do that in Delphi. > >>>>>> > >>>>>> > >>>>> You are right. When IQP receives the request, in the > >>>>> ProcessRequest() it scans the defined URL Rules set by the end > >>>>> user from top to bottom for a match to decide which target web > >>>>> server to route/redirect to. A URL Rule list could be like, > >>>>> > >>>>> 1. ssl://www.fastream.com/owa > >>>>> 2. http://www.fastream.com/path/file.htm ("URL Rule is file" flag > >>>>> set) > >>>>> 3. *://www.iqproxyserver.com [2] > >>>>> 4. *://www.iqproxyserver.com > >>>>> 5. *://* > >>>>> > >>>>> The last one must be *://* as a catch-all. We enabled 3. and 4. in > >>>>> the same list in from v4.5 on to let users route to different > >>>>> target server IP/port/path with respect to client location > >>>>> (country). See http://www.iqproxyserver.com (home page, bottom) > >>>>> for a screenshot example of this. > >>>>> > >>>>> Now, I want each URL Rule to be able to have one NTLM domain to > >>>>> authenticate against. > >>>> > >>>> For what reason? What does currently not work? > >>>> Give us an example please. > >>>> > >>>> > >>> Personally I never needed such feature but customers who use reverse > >>> proxy as SSL VPN they say they need it. > >> > >> So, the question remains "What kind of feature?". > >> > > > > Each URL Rule should be able to authenticate against a configurable AD > > domain! > > If you are not able to specify the "feature" more detailed you have to add > one or two zeros to your offer (at least) or otherwise try to find someone > in india. There should be tons of mails in your spam-folder offering > software development for nothing. > > -- > Arno Garrels > > > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
