What are the methods of Web proxy authentication?

A proxy is a program that allows a computer running it to gain access to the Internet.

Proxies can also be called proxy server, web proxy, transparent internet cache and Web cache. They are used as an aid for browsing the net by multiple people. Each client is given an IP address and a proxy server can be used to hide the client's true IP address and keep track of the client's browsing activity. A proxy server may allow different types of authentication protocols.

HTTP Proxy Authentication. In HTTP authentication, The proxy server authenticates the user of the HTTP proxy server. If the proxy server is authenticated, and if the user agent (usually the Web browser) provides appropriate credentials, then HTTP authentication is passed on to the proxied Web site. In the HTTP protocol, the proxy server should use the following four-way handshake (request-response) that uses a challenge-response paradigm, where the proxy can either challenge the web site for credentials or pass it through with the credentials passed on from the web site to the proxy server:

Request for the username/password. The Web browser presents credentials (typically a password) that matches those of the user's account for the proxy server. This initiates the authentication process.

Proxy responds with a response code as detailed in Section 7.2 of .

Proxy requests a challenge from the user agent. User agent responds with a header containing a challenge to respond to. Proxy responds by providing the header field, WWW-Authenticate, as specified in Section 10.1 of . If this header is not received, the proxy will provide a 407 (Proxy Authentication Required) status code, as defined in .

User agent responds with a header containing credentials in a WWW-Authenticate header, using the credentials in the WWW-Authenticate header from step #3 of the preceding handshake. How a web site administrator can validate that proxy's connection and whether the proxy passes information to the Web server. Secure Sockets Layer Protocol. SSL is a secure encrypted protocol which ensures the connection between the web server and the web browser is secure. There are three basic steps for encryption within SSL.

What is proxy user authentication?

Proxy user authentication is a special form of authentication whereby a system user (eg administrator) authorizes access to a remote system (eg a database server) to a particular client computer or workstation. It allows you to control who can access a remote system based on your own criteria rather than simply based on the system's internal security settings, or without explicitly authenticating all clients (or workstations) that connect to the remote system. This allows you to keep your security measures and policies consistent across your network.

You can also use proxy user authentication to give your clients access to remote systems without having to worry about whether they will violate system security policies or cause system damage. If you want to know more about how this works, read on.

How can proxy user authentication be useful? This feature works similarly to other forms of authentication. The system user authorizes access to a remote system by telling the proxy authentication agent (PAA) which users are allowed to access which parts of the remote system.

The PAA then issues an authenticator, a unique security token, to each user in order to allow them access to a particular system resource. When the user logs on to a remote system, the remote system checks the authenticator that it received from the PAA before granting the user access to the requested resource. A user who provides an invalid authenticator will be denied access to the system resources that require authentication.

The following diagram illustrates the relationship between the PAA, the authenticator, the user's system account, and the remote system. When should I use proxy user authentication? If you want to grant access to one or more system resources to specific users on a per-user basis, proxy user authentication is for you. It allows you to set permissions on a per-user basis, such as the following: User Bob is allowed to access Remote Database 1, but not Remote Database 2. User Sally is allowed to access Remote Database 3. User Carol is allowed to access Remote Database 4. In addition, this feature allows you to deny access to system resources on a per-user basis.

What is proxy verification?

Proxy verification is a service that is provided by the Proxy Authentication and Authorization Clearinghouse (PA-AC) to assist in verifying the identity of a proxy for a system. Information about proxy verification is found in NPSS 1.9, "Using Proxy Verification."

When the proxy authentication or authorization server cannot verify the identity of a proxy with which it is communicating, the proxy authentication or authorization server attempts to find another proxy that is authenticated to it. This second proxy is known as the proxy for the user. If the second proxy is available, it becomes the user's proxy. If no second proxy is available, the proxy authentication or authorization server uses its own proxy. In this case, the system authenticates the proxy for the user to the system.

The proxy for a user can also be verified by the proxy for the user. For example, if a user connects to an online service through a proxy for the user, the proxy for the user can be authenticated by the system.

For more information on proxy authentication and authorization, see the Security Administrator Guide, "Using Proxy Authentication and Authorization." Figure 1 shows an example of how proxy authentication and authorization functions. Proxy authentication and authorization The system, acting as the proxy server, attempts to authenticate the proxy for the user.2. The system can determine if the proxy is authenticated by either the proxy or the proxy for the user.3. If the proxy is not authenticated, the system determines whether any proxy is available that is authenticated to the system.4. If no proxy is available, the system verifies the proxy for the user with the proxy authentication or authorization server.

When a proxy for the user is authenticated to the system, the proxy becomes the user's proxy and should be used to access network resources and services. Proxy authentication and authorization must be configured to allow proxies to be used to access resources and services. See the Security Administrator Guide, "Configuring Proxy Authentication and Authorization."
When a proxy that is used to access network resources and services is not verified, the proxy is an unverified proxy. An unverified proxy may expose users to risks such as information disclosure, and can impact the security of some network services.

How to verify proxies. A proxy should be verified in order to protect the user from a risk posed by unverified proxies.