You cannot open a Web folder that is published behind ISA Server 2000 by using FrontPage 2000

When you try to access a Web folder in Microsoft FrontPage 2000 on a computer that is published behind Microsoft Internet Security and Acceleration (ISA) Server 2000, you cannot open the Web folder.

This problem occurs if the computer that contains the Web folder is published by using the ISA Server 2000 Web filter for RSA SecurID authentication. This problem may also occur with other types of Forms-based or cookie-based Single Sign On solutions.

How to obtain the hotfix

This issue is fixed in the FrontPage 2000 post-Service Pack 3 Hotfix Package that is dated June 14, 2004. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: Important This hotfix does not enable support for Forms-based Authentication in FrontPage 2000. This hotfix resolves the problem where FrontPage 2000 does not submit a previously-obtained cookie in POST requests. After you install this hotfix, FrontPage 2000 correctly sends a previously-obtained cookie in POST requests. Before you can successfully open a Web folder by using FrontPage 2000, you must obtain a cookie by using the typical method or methods. For example, you must visit the Web site before you try to open the Web folder.

Additionally, you may want to modify the RSA cookie expiration settings in ISA Server. By default, cookies expire after 15 minutes in ISA Server 2000. Therefore, a Web folder request might be the first request that is performed after a cookie expires. In this scenario, because FrontPage 2000 does not support Forms-based authentication, the Web folder request is unsuccessful. Instead of configuring cookies to expire after a certain time limit, you may want to configure cookies to expire after a certain period of inactivity.

To do this, follow these steps:

1.	Start the ISA Management tool.
2.	Expand Servers and Arrays, expand your ISA Server computer, expand Publishing, and then click Web Publishing Rules.
3.	In the right pane, double-click your Web publishing rule, and then click the RSA SecurID tab.
4.	Click Cookies Expire If Not Used Within the Specified Time.
5.	In the Expiration Time box, type the number of minutes that you want to use for the period of inactivity, and then click OK.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

The ISA Server 2000 Web filter for RSA SecurID authentication works by determining if a client request contains a valid RSA cookie. If the client request does not contain a valid RSA cookie, the Web filter for RSA SecurID authentication returns a SecurID logon form to the client program so that the client program can submit credentials to the Web filter. If the client request contains a valid RSA cookie, ISA Server passes the client request to the published Web server computer.

FrontPage 2000 does not currently support Forms-based Authentication (also known as cookie-auth). Therefore, the client browser must obtain a valid RSA cookie when it first connects to Web site that contains the Web folder. This problem occurs because after the client browser obtains a valid RSA cookie, the FrontPage 2000 Web folder client does not submit that cookie in subsequent POST requests. The RSA filter therefore returns a SecurID logon form to the client that FrontPage 2000 does not know how to respond to.

The Web filter for RSA SecurID authentication is included in ISA Server 2000 Feature Pack 1. For additional information about ISA Server 2000 Feature Pack 1, visit the following Microsoft Web site: