6.3.7. HTTP Basic Authentication Method

The Basic option enables authorization of users with an explicitly set proxy using a local and LDAP user database. This authentication type is not recommended for use because it transmits the username and password over the network in plain text. The HTTP Basic authentication can be used to automatically authorize command-line utilities that need Internet access, for example:

curl -x -U user: password http://www.msn.com

To configure HTTP Basic authorization, follow these steps:



Step 1. Create DNS records for the UserGate server.

On the domain controller, create DNS records corresponding to the UserGate server to be used as the auth.captive and logout.captive domains (e.g., auth.domain.loc and logout.domain.loc).

Point it to the IP address of a UserGate interface connected to the Trusted network.

Step 2. Change the Captive portal auth domain address.

In the General settings section, change the Captive portal auth domain and (optionally) Captive portal logout domain addresses.

For the Captive portal auth domain, specify the DNS record created at the previous step.

Do the same for the Captive portal logout domain.

For more details on changing the addresses of the captive portal's Auth and Logout domains, see the section Captive Portal Configuration.

Step 3. Create a captive portal rule with HTTP Basic authentication.

Configure the captive portal for using the HTTP Basic authentication method.

In addition to configuring the HTTP Basic method itself, you also need to add the user database that will be used for authentication (e.g., add the Local user or LDAP server authentication methods).

The captive portal is described in more detail in the following chapters.

Step 4. Enable HTTP(S) service access for the zone.

In the Zones section, enable access to the HTTP(S) proxy service for the zone to which the users authorized using HTTP Basic are connected.

Step 5. Configure a proxy on user computers.

On the user computers, turn on mandatory proxy use and specify the IP address of a Trusted interface of UserGate as the proxy address.