About authorization

Applies To: Windows Server 2008, Windows Server 2008 R2

To understand why connection attempts are either accepted or denied, it is important to understand the following distinction between authentication and authorization:

  • Authentication is the process of verifying the credentials of clients trying to connect to the server. This process consists of sending the credentials from the client to the server and using an authentication scheme to identify the user.

  • Authorization is the process of verifying that the client is allowed to connect to the server. Authorization occurs after authentication is successful. During the authorization process, the server checks the user against the access permissions set for the resource to which the user is trying to connect.

Windows Media Services includes the following authorization plug-ins that you can enable to control the access to content by authenticated users:

  • WMS NTFS ACL Authorization

  • WMS IP Address Authorization

  • WMS Publishing Points ACL Authorization

If you enable an authorization plug-in, you must also enable an authentication plug-in so that users can access your publishing points. The exception is the WMS IP Address Authorization plug-in, which does not require an authentication plug-in to authenticate a player.

You can enable authorization plug-ins at both the server and the publishing point levels. If you enable an authorization plug-in for a server and another for a publishing point on the server, both authorization plug-ins are used to authorize a user, but the plug-in for the server is used first. If you enable multiple authorization plug-ins for a server or for a publishing point, all the plug-ins are used in the order they appear on the Properties tab for the server or publishing point. If a user is denied access by any of the plug-ins, the authorization process terminates, and the server checks whether another authentication plug-in is enabled to authenticate the user.

Note

The authorization and authentication plug-ins work together to grant clients access to streaming media content. If either the WMS NTFS ACL Authorization plug-in or the WMS Publishing Points ACL Authorization plug-in is enabled but no authentication plug-in is enabled, unicast clients cannot access the server.
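The evaluation order and the authentication dependency described above, modelled as an added example (not Microsoft code and not the Windows Media Services API). The class and function names, the address range, the account name and the ACL contents are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional, Set, Tuple

@dataclass
class Request:
    client_ip: str
    user: Optional[str]  # None: no authentication plug-in identified the client
    resource: str

# A plug-in is modelled as (display name, decision function); True means allow.
Plugin = Tuple[str, Callable[[Request], bool]]

def ip_address_authorization(allowed: List[str]) -> Plugin:
    nets = [ip_network(n) for n in allowed]
    # Decides on the source address alone, so it works without authentication.
    return ("WMS IP Address Authorization",
            lambda r: any(ip_address(r.client_ip) in n for n in nets))

def acl_authorization(name: str, acl: Dict[str, Set[str]]) -> Plugin:
    # An ACL check needs an identity: an unauthenticated client is always denied.
    return (name,
            lambda r: r.user is not None and r.user in acl.get(r.resource, set()))

def authorize(req: Request, server: List[Plugin],
              publishing_point: List[Plugin]) -> Tuple[bool, Optional[str]]:
    """Run server plug-ins first, then publishing point plug-ins, in list order.
    The first denial ends authorization; returns (allowed, denying plug-in)."""
    for name, check in [*server, *publishing_point]:
        if not check(req):
            return (False, name)
    return (True, None)

# Constructed configuration: one plug-in per level.
SERVER = [ip_address_authorization(["10.0.0.0/8"])]
POINT = [acl_authorization("WMS Publishing Points ACL Authorization",
                           {"/training": {"CONTOSO\\alice"}})]

if __name__ == "__main__":
    for req in (Request("10.1.2.3", "CONTOSO\\alice", "/training"),
                Request("192.0.2.5", "CONTOSO\\alice", "/training"),
                Request("10.1.2.3", None, "/training")):
        print(req, "->", authorize(req, SERVER, POINT))
```

The third request shows the situation in the note: with an ACL plug-in enabled and no authenticated identity, the client is denied even though its address is allowed.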

See Also

Concepts

About authentication