Default authentication settings (Office SharePoint Server)

SharePoint 2007

Updated: July 15, 2008

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2015-03-09


Authentication is the process of validating a user's identity. After a user's identity is validated, the authorization process determines which sites, content, and other network resources the user can access.

The following table lists the available authentication settings for creating Web applications in Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0.



Authentication provider

Negotiate (Kerberos)

Kerberos is the recommended authentication method to use with Integrated Windows authentication. Kerberos authentication requires the application pool account to be Network Service or special configuration by the domain administrator.

NTLM (default)

NTLM authentication will work with any application pool account and the default domain configuration.

Allow Anonymous


This indicates whether anonymous access is allowed. By default, anonymous access is not allowed.

No (default)

Use Secure Sockets Layer (SSL)


If you choose to use Secure Sockets Layer (SSL), you must use the Internet Information Services (IIS) administration tool to install an SSL wildcard certificate on each server. Until you do this, the Web application will be inaccessible from this IIS Web site.

No (default)

Database authentication

Windows authentication (recommended) (default)

Use of Windows authentication is strongly recommended.

SQL authentication

To use SQL authentication, specify the credentials that will be used to connect to the database.

In the Account box, type the name of the account that you want the Web application to use to authenticate to the Microsoft SQL Server database, and then type the password in the Password box.

If you need to change the authentication settings for a Web application that has been created or extended, select the default authentication options, and then configure authentication. (To do so, on the SharePoint Central Administration Web site, on the Application Management page, in the Application Security section, select Authentication providers, and then click the Zone to open the Edit Authentication page.)

The following table lists the authentication settings that can be changed for an authentication provider.



Authentication type


The standard IIS Windows authentication methods are supported.


Windows SharePoint Services 3.0 adds support for identity management systems that are not based on Windows by integrating with the ASP.NET forms authentication system. ASP.NET authentication enables Windows SharePoint Services 3.0 to work with identity management systems that implement the MembershipProvider interface. You do not need to rewrite the security administration pages or manage shadow Active Directory directory service accounts.

Web Single Sign-On

Windows SharePoint Services 3.0 supports federated authentication through Web Single Sign-On (SSO) vendors. Web SSO enables SSO in environments that include services that are running on disparate platforms.

Anonymous access

Enable anonymous access (disabled by default)

Windows SharePoint Services 3.0 supports federated authentication through Web SSO vendors. Web SSO enables SSO in environments that include services that are running on disparate platforms. You do not need to manage separate Active Directory accounts.

IIS authentication settings (available only in Windows authentication)

Integrated Windows authentication

  • Negotiate (Kerberos)

  • NTLM (default)

By default, Integrated Windows authentication is selected.

Basic authentication (password is sent in clear text)

Users are prompted to enter their credentials every time that they access a document. Access to other resources might also require user credentials.

By default, Basic authentication is not selected.

Client Integration

Enable Client Integration?

  • Yes

  • No

By default, Client Integration is enabled in Windows authentication only.

(By default, Client Integration is not enabled in forms-based authentication and Web SSO Authentication.)

Membership provider name (available only in forms-based and Web SSO authentication)

Membership provider name (required)

The membership provider must be correctly configured in the Web.config file for the IIS Web site that hosts content on each Web server. The membership provider must also be added to the Web.config file for the IIS site that hosts Central Administration.

Role manager name (available only in forms-based and Web SSO authentication)

Role manager name (optional)

The role manager must be correctly configured in the Web.config file.
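The following check is an added example, not part of the original article or of any Microsoft tooling: it verifies that the membership provider and role manager names entered on the Edit Authentication page are declared in every Web.config file that needs them (each content site and Central Administration). The provider names `FbaMembers` and `FbaRoles`, the connection string name `FbaDb`, and both Web.config fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config fragments (not from a real farm).
# The type attributes are shortened; real entries use the assembly-qualified name.
CONTENT_SITE = """<configuration><system.web>
  <membership defaultProvider="FbaMembers"><providers>
    <add name="FbaMembers" type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="FbaDb" applicationName="/" />
  </providers></membership>
  <roleManager enabled="true" defaultProvider="FbaRoles"><providers>
    <add name="FbaRoles" type="System.Web.Security.SqlRoleProvider"
         connectionStringName="FbaDb" applicationName="/" />
  </providers></roleManager>
</system.web></configuration>"""

# Constructed Central Administration copy where the membership provider was forgotten.
CENTRAL_ADMIN = """<configuration><system.web>
  <roleManager enabled="true"><providers>
    <add name="FbaRoles" type="System.Web.Security.SqlRoleProvider"
         connectionStringName="FbaDb" applicationName="/" />
  </providers></roleManager>
</system.web></configuration>"""


def declared(xml_text, section):
    """Return the provider names declared under system.web/<section>/providers."""
    root = ET.fromstring(xml_text)
    adds = root.findall(f"./system.web/{section}/providers/add")
    return {a.get("name") for a in adds}


def audit(configs, membership_name, role_name=None):
    """configs maps a label to Web.config text; returns a list of findings."""
    findings = []
    for label, text in configs.items():
        if membership_name not in declared(text, "membership"):
            findings.append(f"{label}: membership provider '{membership_name}' not declared")
        # The role manager is optional, so it is only checked when a name is given.
        if role_name and role_name not in declared(text, "roleManager"):
            findings.append(f"{label}: role manager '{role_name}' not declared")
    return findings


if __name__ == "__main__":
    files = {"content site": CONTENT_SITE, "Central Administration": CENTRAL_ADMIN}
    for finding in audit(files, "FbaMembers", "FbaRoles"):
        print(finding)
```

On a real farm, read the Web.config text from each Web server's content site and from the Central Administration site instead of the embedded strings.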