Configure Basic authentication for a claims-based Web application (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010, SharePoint Foundation 2010

This article describes how to configure basic authentication for one or more zones within a Microsoft SharePoint Server 2010 claims-based Web application. A Web application is an Internet Information Services (IIS) Web site that SharePoint Server 2010 creates and uses. Zones represent different logical paths for gaining access to the network services that are available within the same Web application. Within each Web application, you can create up to five zones. A different Web site in IIS represents each zone. Use zones to enforce different access and policy conditions for large groups of users. To configure basic authentication for one or more zones in a SharePoint Server 2010 Web application, use the IIS Management Console to directly configure IIS.

Basic authentication requires previously assigned Windows account credentials for user access. Basic authentication enables a Web browser to provide credentials when the browser makes a request during an HTTP transaction. Because user credentials are not encrypted for network transmission but are sent over the network in plaintext, we do not recommend using basic authentication over an unsecured HTTP connection. To use basic authentication, you should enable Secure Sockets Layer (SSL) encryption.

Configure IIS to enable basic authentication

Use the IIS Management Console to configure IIS to enable basic authentication for one or more of the following zones for a claims-based Web application:

Note

The Default zone is the zone that is first created when a Web application is created. The other zones are created by extending a Web application.

  • Default

  • Intranet

  • Extranet

To configure IIS to enable basic authentication

  1. Verify that you have one of the following administrative credentials:

    • You must be a member of the Administrators group on the server on which you are configuring IIS.
  2. On the Start menu, point to All Programs, click Administrative Tools , and then click Internet Information Services (IIS) Manager to start the IIS Management Console.

  3. Expand Sites on the console tree, right-click the IIS Web site that corresponds to the Web application zone on which you want to configure Basic authentication.

  4. In Features View, double-click Authentication.

  5. On the Authentication page, select Basic Authentication.

  6. In the Actions pane, click Enable to use Basic authentication with the default settings.

  7. In the Actions pane, click Edit to enter a realm name.

  8. In the Edit Basic Authentication Settings dialog box, in the Realm text box, type the appropriate realm and click OK.

At this point, the Web site is configured to use basic authentication.

For information about creating a claims-based Web application in SharePoint Server 2010, see Create claims-based web applications in SharePoint 2010.

If you want credentials of users to be sent over a network in a form that is not encrypted, select Basic authentication (password is sent in clear text).

securitySecurity Note
You can select basic authentication or integrated Windows authentication, or both. If you select both, SharePoint Server 2010 will offer both authentication types to the client Web browser. The client Web browser then determines the type of authentication to use. If you only select basic authentication, ensure that SSL is enabled; otherwise, the credentials can be intercepted by a malicious user.