On Thu, Apr 8, 2010 at 2:35 PM, flapjack <nginx-forum@nginx.us> wrote:
> I config a reverse proxy to Windows IIS 6.0 (windows auth), visit windows server url is ok.
>
> Visit nginx proxy to this site tips my input pwd & username, repeat this tips input over, repeat, repeat, repeat, repeat.
It won't work at least until nginx supports backend keep-alive and
connection affinity with the front end. Right now nginx opens and
closes a connection to the back end with each request (like many
caches do). Microsoft NTLM authentication over HTTP requires that
everything happens over a single HTTP connection (in violation of many
HTTP RFCs).
See:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true
Try using digest authentication on the IIS side instead of NTLM
authentication if your infrastructure supports it. It is equally
secure, and you can use the same username and password. If you're
already using SSL, basic authentication is fine too. Both of these
options will prompt for a username and password, but you can still use
the windows username and password.
--
RPM
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx