Use the Authentication feature page to configure the authentication methods that clients can use to gain access to your content.

Sort the list by clicking one of the feature page column headings or select a value from the Group by drop-down list to group similar items.

UI Element List

Element Name Description

AD Client Certificate Authentication

AD Client Certificate authentication allows you to use Active Directory directory service features to map users to client certificates for authentication. Mapping users to client certificates lets you automatically authenticate users, without other authentication methods such as Basic, Digest, or Integrated Windows authentication.

This kind of authentication is not available on Windows® 7 Home Premium, Windows® 7 Home Basic, or Windows® 7 Starter.

Anonymous Authentication

Anonymous authentication allows any user to access any public content without providing a user name and password. By default, Anonymous authentication is enabled in IIS 7.

Note

 Use Anonymous authentication when you want all clients who visit your site to be able to view its content.

ASP.NET Impersonation

ASP.NET impersonation allows you to run ASP.NET applications under a context other than the default ASPNET account. Use impersonation with other IIS authentication methods or set up an arbitrary user account.

Basic Authentication

Basic authentication requires that users provide a valid user name and password to gain access to content.

Note

Basic authentication transmits passwords across the network with weak encryption. You should use Basic authentication only when you know that the connection between the client and the server is secure.

Digest Authentication

Digest authentication uses a Windows domain controller to authenticate users who request access to content on your server. Consider using Digest authentication when you need improved security over Basic authentication.

This kind of authentication is not available on Windows® 7 Home Premium, Windows® 7 Home Basic, or Windows® 7 Starter.

Note

Any browser that does not support the HTTP 1.1 protocol cannot support Digest authentication.

Forms Authentication

Forms authentication uses client-side redirection to forward unauthenticated users to an HTML form where they can enter their credentials, which are usually a user name and password. After the credentials are validated, users are redirected to the page they originally requested.

Important

Because Forms authentication sends the user name and password to the Web server as plain text, you should use Secure Sockets Layer (SSL) encryption for the logon page and for all other pages in your application.

Windows Authentication

Windows authentication uses NTLM or Kerberos protocols to authenticate clients. Windows authentication is best suited for an intranet environment. Windows authentication is not suited for use on the Internet because that environment does not require or encrypt user credentials.

This kind of authentication is not available on Windows® 7 Home Premium, Windows® 7 Home Basic, or Windows® 7 Starter.

Important

The default setting for Windows authentication is Negotiate. This setting means that the client can select the appropriate security support provider.

See Also