Authentication Options in Internet Information Services (IIS) 7

Anonymous Authentication: In Anonymous Authentication the end user does not supply credentials and can use the service anonymously. IIS 7.0 uses a fixed user account (USER_<computer_name>) to process the request.

Basic Authentication: In Basic Authentication the end-user is prompted to supply credentials, which are then transmitted unencrypted across the network.

Digest Authentication: In Digest Authentication the user’s password is not passed in clear text across the network. Digest authentication hashes the user’s password using MD5 and sends the hash across the network. Windows is unable to store MD5 hashes of passwords for local accounts, thus Digest authentication is only available for Active Directory accounts.

Integrated Windows Authentication: Integrated Windows Authentication uses two separate authentication mechanisms, NTLM v2 and Kerberos. The password is never sent as clear text across the network. NTLM authentication uses a hashed version of the user’s password, and Kerberos uses shared secrets between the client, the Active Directory domain controller, and the IIS server to authenticate the user. Kerberos authentication is only available for Active Directory accounts, whereas NTLM can be used for local accounts.

Client Certificate Authentication: In Client Certificate Authentication the client presents a certificate to the server. The server is configured to map certificates to one or more Windows user accounts. SSL/TLS must be enabled for this authentication method.

Forms-Based Authentication: Forms-based authentication (FBA) authenticates a user using an HTML form. After authenticating via the HTML form, an authentication cookie is set by the server. The client must return this cookie with each subsequent request in order for the request to be authenticated.
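The wire-level difference between the Basic, Digest and Integrated Windows schemes described above, as an added example (Python; not code from the original page or from IIS): Basic carries the credentials Base64-encoded only, Digest carries an RFC 2617 MD5 response derived from the password, and Negotiate carries an NTLM or SPNEGO token. The Digest values are the RFC 2617 sample exchange; the Basic and Negotiate headers are constructed.

```python
"""Wire-level view of the IIS 7 authentication schemes listed above."""
import base64
import hashlib
import hmac


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def digest_ha1(user: str, realm: str, password: str) -> str:
    # HA1 is the only password-derived value the server must hold. Active Directory
    # can supply it for domain accounts; a local SAM account cannot, which is why
    # IIS offers Digest only for Active Directory users.
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    # RFC 2617 response with qop=auth: the password itself never leaves the client,
    # only this MD5 value bound to the server nonce and the request.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(ha1: str, method: str, uri: str, nonce: str,
                  nc: str, cnonce: str, response: str) -> bool:
    # Server side: recompute from the stored HA1 and compare in constant time.
    expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


def classify_authorization(header: str, over_tls: bool) -> dict:
    """Name the scheme in an Authorization header and flag credential exposure."""
    scheme, _, param = header.strip().partition(" ")
    info = {"scheme": scheme.lower(), "exposed": False, "plaintext": None}
    if info["scheme"] == "basic":
        # Base64 is an encoding, not encryption: without TLS the user:password
        # pair is readable by anyone on the network path.
        info["plaintext"] = base64.b64decode(param).decode("utf-8")
        info["exposed"] = not over_tls
    elif info["scheme"] == "negotiate":
        token = base64.b64decode(param)
        # A raw NTLM token announces itself with "NTLMSSP\0"; a leading 0x60 byte
        # is a SPNEGO wrapper that carries Kerberos (or wrapped NTLM) inside.
        if token.startswith(b"NTLMSSP\x00"):
            info["mechanism"] = "NTLM"
        elif token[:1] == b"\x60":
            info["mechanism"] = "SPNEGO"
        else:
            info["mechanism"] = "unknown"
    return info
```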
