Export (0) Print
Expand All

Default authentication settings (Office SharePoint Server)

Office 2007

Updated: July 15, 2008

Applies To: Office SharePoint Server 2007

Updated: 2008-07-15

In this article:

Authentication is the process of validating a user's identity. After a user's identity is validated, the authorization process determines which sites, content, and other network resources the user can access.

Authentication settings for new Web applications

The following table lists the available authentication settings for creating Web applications in Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0.

SettingsDescription

Authentication provider

Negotiate (Kerberos)

Kerberos is the recommended authentication method to use with Integrated Windows authentication. Kerberos authentication requires the application pool account to be Network Service or special configuration by the domain administrator.

NTLM (default)

NTLM authentication will work with any application pool account and the default domain configuration.

Allow Anonymous

Yes

This indicates whether anonymous access is allowed. By default, anonymous access is not allowed.

No (default)

Use Secure Sockets Layer (SSL)

Yes

If you choose to use Secure Sockets Layer (SSL), you must use the Internet Information Services (IIS) administration tool to install an SSL wildcard certificate on each server. Until you do this, the Web application will be inaccessible from this IIS Web site.

No (default)

Database authentication

Windows authentication (recommended) (default)

Use of Windows authentication is strongly recommended.

SQL authentication

To use SQL authentication, specify the credentials that will be used to connect to the database.

In the Account box, type the name of the account that you want the Web application to use to authenticate to the Microsoft SQL Server database, and then type the password in the Password box.

Authentication settings for authentication providers

If you need to change the authentication settings for a Web application that has been created or extended, select the default authentication options, and then configure authentication. (To do so, on the SharePoint Central Administration Web site, on the Application Management page, in the Application Security section, select Authentication providers, and then click the Zone to open the Edit Authentication page.)

The following table lists the authentication settings that can be changed for an authentication provider.

SettingsDescriptions

Authentication type

Windows

The standard IIS Windows authentication methods are supported.

Forms

Windows SharePoint Services 3.0 adds support for identity management systems that are not based on Windows by integrating with the ASP.NET forms authentication system. ASP.NET authentication enables Windows SharePoint Services 3.0 to work with identity management systems that implement the MembershipProvider interface. You do not need to rewrite the security administration pages or manage shadow Active Directory directory service accounts.

Web Single Sign on

Windows SharePoint Services 3.0 supports federated authentication through Web Single Sign-On (SSO) vendors. Web SSO enables SSO in environments that include services that are running on disparate platforms.

Anonymous access

Enable anonymous access (disabled by default)

Windows SharePoint Services 3.0 supports federated authentication through Web SSO vendors. Web SSO enables SSO in environments that include services that are running on disparate platforms. You do not need to manage separate Active Directory accounts.

IIS authentication settings (available only in Windows authentication)

Integrated Windows authentication

  • Negotiate (Kerberos)

  • NTLM (default)

By default, Integrated Windows authentication is selected.

Basic authentication (password is sent in clear text)

Users are prompted to enter their credentials every time that they access a document. Access to other resources might also require user credentials.

By default, Basic authentication is not selected.

Client Integration

Enable Client Integration?

  • Yes

  • No

By default, Client Integration is enabled in Windows authentication only.

(By default, Client Integration is not enabled in forms-based authentication and Web SSO Authentication.)

Membership provider name (available only in forms-based and Web SSO authentication)

Membership provider name (must)

The membership provider must be correctly configured in the Web.config file for the IIS Web site that hosts content on each Web server. The membership provider must also be added to the Web.config file for IIS site that hosts Central Administration.

Role manager name (available only in forms-based and Web SSO authentication)

Role manager name (optional)

The role manager must be correctly configured in the Web.config file.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft