Application Gateway V2 Still able to support NTLM Authentication

Qi-Jian-Huang-DevOps 166 Reputation points
2022-10-17T18:39:42.93+00:00

Hi,

I need to set up Application Gateway with an Octopus Deploy application which has NTLM authentication enabled.

According to this document, NTLM and Kerberos authentication is not supported by Application Gateway v2.
https://learn.microsoft.com/en-us/azure/application-gateway/migrate-v1-v2

However, the connection still seems to be working; I experience no issues with Application Gateway V2 at all. Does anyone know why this is the case?

Thanks

Azure Application Gateway

Accepted answer
  1. JimmySalian-2011 42,071 Reputation points
    2022-10-17T18:59:02.43+00:00

    Hi Jian,

    Yes, you are correct: as per the SKU V2, NTLM proxying is not supported. However, I will suggest you provide feedback via this page for this - 8ae9bf04-8326-ec11-b6e6-000d3a4f0789

    ----
    Please don't forget to upvote and Accept as answer if the reply is helpful

    If this answer helped you please mark it as "Verified" so other users can reference it.


2 additional answers

  1. Daniel Crowther 11 Reputation points
    2022-11-07T01:07:06.427+00:00

    We are in the process of moving an application from in house to an Azure VM and Application Gateway v2 was selected as the proxy for the system. The application uses NTLM Authentication to identify the users.

    During the setup of the application it appears that NTLM is working correctly. It prompts the user for credentials and we can validate them against the Local Active Directory.

    However, once we moved to user testing, we started to notice that people were at times seeing the wrong credentials in the application. After further testing, it turns out that with more than one person accessing the application at the same time, Application Gateway will switch back and forth between the credentials that are sent to the application.

    So while it may appear that NTLM authentication is working, it is not working correctly. It is like it is failing silently; it would be better if it threw an error if NTLM was present in the request.

    Those that think it is working for them might need to test it further and check they are always getting the correct credentials.

    2 people found this answer helpful.
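
Added example, not part of the original answers: a toy Python model of the failure described above and of the check the answer recommends (does the application always see the user who sent the request?). It assumes the cause is that NTLM binds the identity to a TCP connection while the proxy reuses backend connections across clients; all names and the traffic are constructed, and this is not Application Gateway's actual implementation.

```python
import itertools

class BackendConnection:
    """One TCP connection from the proxy to the application server.
    As with NTLM, the handshake binds an identity to the connection itself;
    later requests on that connection carry no credentials."""
    def __init__(self):
        self.identity = None

    def handle(self, user, handshake):
        if handshake:
            self.identity = user   # authentication is remembered per connection
        return self.identity       # the app attributes the request to this identity

class Proxy:
    """pinned=True: each client connection keeps its own backend connection.
    pinned=False: requests are spread round-robin over a shared pool
    (assumed behaviour of a connection-reusing proxy)."""
    def __init__(self, pinned, pool_size=2):
        self.pinned = pinned
        self.pool = itertools.cycle([BackendConnection() for _ in range(pool_size)])
        self.by_client = {}

    def forward(self, client, user, handshake):
        if self.pinned:
            conn = self.by_client.setdefault(client, BackendConnection())
        else:
            conn = next(self.pool)
        return conn.handle(user, handshake)

# Constructed traffic: (client connection, user, request carries the handshake?)
TRAFFIC = [
    ("c1", "alice", True), ("c2", "bob", True), ("c3", "carol", True),
    ("c1", "alice", False), ("c2", "bob", False), ("c3", "carol", False),
]

def wrong_identities(pinned):
    """Return (user who sent the request, user the application saw) mismatches."""
    proxy = Proxy(pinned)
    seen = [(user, proxy.forward(client, user, hs)) for client, user, hs in TRAFFIC]
    return [(sent, got) for sent, got in seen if sent != got]

if __name__ == "__main__":
    print("pinned:", wrong_identities(pinned=True))
    print("shared pool:", wrong_identities(pinned=False))
```

With a single user the shared-pool case shows no mismatch, which is why a one-person smoke test can pass while concurrent use fails.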

  2. Bollwerk, Pete 46 Reputation points
    2022-10-21T16:23:39.47+00:00

    To be more clear, what this means is that any website sitting behind the V2 gateway won't support NTLM or Kerberos based authentication passing through the gateway.
    We had a scenario where we tried to put an SSRS report website behind a V2 gateway, and the site required a domain login authentication. This failed to work, due to the V2 gateway not supporting that authentication protocol passing through it. So we had to scrap the V2 gateway and use a V1.