About Authentication in ISA Server
The access policy and publishing rules of ISA Server can be configured to allow or deny a set of computers or a group of users from accessing specific servers. If the rule applies specifically to users, then the ISA Server checks the Web request properties for listeners on the array to determine how the user should be authenticated.
You can configure incoming and outgoing Web request settings so that users must always be authenticated by ISA Server before processing rules. This ensures that requests are allowed only if the user making the request is authenticated.
This section includes the following topics: