Configuring Authentication

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

You configure authentication for Web sites based on Microsoft by configuring authentication methods in Internet Information Services (IIS). uses the authentication method you specify for a virtual server in IIS to control authentication for all toplevel Web site and subsites of that virtual server. works with the following authentication methods in IIS:

  • Anonymous authentication

  • Basic authentication

  • Integrated Windows authentication

  • Certificates authentication (SSL)

You can change authentication methods for virtual servers hosting Web sites based on , and you can change the authentication method used for the SharePoint Central Administration site. You can also enable Secure Sockets Layer (SSL) security in IIS to help protect your sites or the administration port for your server.

Changing Authentication Methods

Each virtual server can use a different authentication method in Internet Information Services (IIS). You can even enable multiple authentication methods if you are using the same Web site content in more than one environment. For example, if you have a Web site that is primarily for internal use within your organization, you would most likely choose Integrated Windows authentication. If, however, your use of the site changes, and you must allow your organization's members to access the site externally through a firewall, you might also want to enable Basic authentication.

Note: Basic authentication is less secure than Integrated Windows authentication. For this scenario it is recommended that you use Basic authentication with SSL to help make your environment more secure.

When you change authentication methods in IIS, you do not need to change any settings in . For example, if you decide to use Integrated Windows authentication instead of Basic authentication, you make the change only in IIS.

Change authentication methods

  1. Click Start , point to All Programs , point to Administrative Tools , and then click Internet Information Services (IIS) Manager .

  2. Click the plus sign (+) next to the server name that contains the virtual server you want to change.

  3. Click the plus sign (+) next to Web sites .

  4. Right-click the virtual server, and then click Properties .

  5. On the Directory Security tab, under Authentication and access control , click Edit .

  6. Select the check boxes for the authentication methods you want to enable, and clear the check boxes for the authentication methods you want to disable.

  7. Click OK to close the Authentication Methods dialog box.

  8. Click OK again to close the Properties dialog box.

Note: For more information about IIS authentication methods, see the topic About Authentication in IIS 6.0 Help.

Enabling Secure Sockets Layer (SSL)

To enable SSL for a virtual server hosting Web sites based on , you can simply turn on SSL in IIS. If you want to use SSL for the SharePoint Central Administration virtual server, you must also use the setadminport command-line operation to enable SSL in .

Enabling SSL in IIS

You can enable SSL for a virtual server by using Internet Information Services (IIS) Manager. Note that you must have a certificate before you can enable SSL. For more information about SSL certificates, see the topics About Certificates and Setting Up SSL on Your Server in IIS 6.0 Help.

Enable SSL in IIS

  1. Click Start , point to All Programs , point to Administrative Tools , and then click Internet Information Services (IIS) Manager .

  2. Click the plus sign (+) next to the server name that contains the virtual server you want to change.

  3. Click the plus sign (+) next to Web sites .

  4. Right-click the virtual server, and then click Properties .

  5. On the Directory Security tab, under Secure communications , click Edit .

  6. In the Secure Communications dialog box, select the Require secure channel (SSL) check box, and then click OK .

  7. Click OK again to close the Properties dialog box.

Enabling SSL for the SharePoint Central Administration Pages

After you have enabled SSL for the SharePoint Central Administration virtual server in IIS, you must use the command line to configure to use SSL. Perform the following steps to configure to use SSL for the Central Administration pages.

Enable SSL for the SharePoint Central Administration pages

  1. If you have a server farm, you must set all of the servers in your server farm to use the same administration port by using syntax similar to the following:

stsadm.exe o setadminport p 443

Replace the port number in the example syntax with the port number you want to use for remote administration. Run this command on each Web front-end server in your server farm. Note that this step is for server farms only; you do not need to change the administration port if you are running on a single server.
  1. Configure the administration pages to use SSL by using syntax similar to the following:

stsadm.exe o setadminport ssl

If you have a server farm, you must run this command on each Web front-end server in your server farm.

Note: If you want a more secure administration port, it is recommended that you also use your firewall or the IIS IP and domain restrictions feature to restrict access to the administration port. With either the firewall or IP and domain restrictions, you can specify that requests from unauthorized IP addresses or network domain names be ignored. For more information about configuring IP and domain restrictions in IIS, see the IIS Help system. For more information about configuring your firewall to reject unauthorized requests, see the documentation for your firewall.

For more information about authentication methods or SSL, see "Windows SharePoint Services Security Model" in the Windows SharePoint Services Administrator's Guide.

For more information about using command-line operations such as setadminport , see Command-Line Operations .