Authentication and Authorization

When creating a Web server, the first consideration after "What content shall we host?" is generally "To whom shall we provide that content?" Choosing which users are allowed access to which content rests on the foundation of a good authentication mechanism.

As befits an Internet standard, HTTP has many client authentication mechanisms to choose from, with varying benefits and drawbacks. The authentication methods available with IIS 7 as shipped are Anonymous, Basic, Client Certificate Mapping, Digest, Forms, and Windows Integrated. (See Chapter 2 for additional descriptions of some of these methods.) Of these methods, Anonymous, Basic, Client Certificate Mapping, Digest, and Forms authentication ...
