Guidelines For Designing Iis User Authentication

By Author: Jasmine
Total Articles: 286
Comment this article

When applications require strong authentication,MCSA Certification can be used. In the IIS interface and documentation, these certificates are referred to as client certificates. Certificate authentication is configured in a two-step process: certificates must be mapped to Windows user accounts, and the use of client certificates must be config?ured on the IIS Web site. Certificates can be issued by a Windows Certification Authority managed by the organization or a third-party public CA.

In this book, and in documentation of wireless clients and remote access, the term is used to represent the computer used to access the server or access point. The term certificate is often used to represent a certificate or the certificate issued to a computer or device. However, in the IIS interface and documentation, the term client certifi?cate refers to the use of a certificate issued to a user. Be careful when reading any discus?sion of client certificates because the meaning can be different depending on the topic discussed. In this chapter, to discuss the use of certificates for ...
... user authentication in IIS.
Two types of certificate mapping and certificate trust lists (CTLs) can be used. Directory Services (DS) mapping or IIS mapping types can be selected, or a list of trusted Certification Authorities can be identified by creating a Windows XP Professional. Certificate revocation lists (CRLs) are checked by default, and the process can be configured for better control over CRL refresh.
In general, if multiple authentication types are available, IIS will select the most secure type first and then attempt the other less secure types. However, there are two excep?tions. If IIS anonymous authentication is available, that will be used first; if .NET passport authentication is chosen, no other authentication type is available.
The user does not have to enter credentials to access Web pages to which the anonymous user account has been granted access. This allows public access to a public Web site. You constrain this access by setting NTFS permissions on files and folders on the Web site and server. If a user attempts access on a file or folder for which the anonymous user account does not have access, an attempt to authenticate the user will be made. Anonymous use will always be checked first, even if other settings are also made. This means a log of user access will indicate usage by the anonymous account.
NTLM or Kerberos authentication will be used. It is not supported over a proxy connection. Internet Explorer 4.0 or later must be used.
This authentication type requires a user ID and password. Credentials are passed over the network as an MD5 hash. This authentication type also requires MCSE study guides free download. Clients and servers must be members of or trusted by the same domain, and passwords must be stored by using reversible encryption.