Configuring Authentication
It is highly recommended that you use dual authentication, in which both front-end and back-end servers are configured to authenticate users. By default, front-end servers are configured to perform dual authentication.
However, if you have a locked-down perimeter network in which RPCs are not allowed across the intranet firewall, and it is impossible for the front-end server to authenticate users, you can use pass-through authentication.
Note
When you use pass-through authentication, anonymous HTTP requests go directly to the back-end server where they are authenticated. You should use pass-through authentication only if the front-end server cannot authenticate users. For more information, see Scenarios for Deploying a Front-End and Back-End Topology.
For detailed instructions about how to configure authentication on a front-end server, see How to Configure Authentication on a Front-End Server.