Thursday, January 5, 2012

IIS Authentications


IIS 6 and IIS 7 support the following authentication types:
1)      Anonymous Authentication :  Anonymous authentication allows any user to access public content without the server issuing a user name and password challenge to the client browser. Anonymous authentication is enabled by default in IIS 7. Anonymous requests run under a built-in account (IUSR_<machinename> in IIS 6, IUSR in IIS 7), so the NTFS permissions granted to that account define exactly what an unauthenticated client can reach.
2)      Basic Authentication :  Basic authentication is a widely used, industry-standard method for collecting a user name and password. The browser sends them in the Authorization header Base64-encoded, which is an encoding, not encryption: anyone who can observe the request on the network can decode the credentials directly. Use Basic authentication only together with the web server's SSL/TLS support (an HTTPS binding on the site) so that the credentials are encrypted in transit. With the default interactive logon type in IIS 6, each user needs the right to log on locally; IIS 7 defaults to a clear-text network logon, which does not require that right. For easier administration, add the users to a group that has access to the necessary files.
3)      Digest Authentication :  Digest authentication offers the same functionality as Basic authentication, but the password itself is never sent. The client answers the server's challenge with an MD5 digest (message digest) of the user name, realm, password, a server-supplied nonce and the request details, so the password cannot be read directly from the traffic. That is an improvement over Basic, not a substitute for HTTPS: the nonce and the digest are both visible, so an eavesdropper who captures a challenge/response pair can test candidate passwords offline, and MD5 is no longer considered a strong hash. In IIS, Digest authentication also requires the user accounts to be stored in an Active Directory domain.
4)      Windows Authentication : Windows authentication (called Integrated Windows authentication in IIS 6, and earlier Windows NT Challenge/Response or NTLM authentication) never sends the password either: the client browser proves its knowledge of the password through a cryptographic challenge/response exchange with the web server. In IIS 7 the Negotiate provider is offered first, which uses Kerberos when the client, the server and a domain controller can all reach each other and falls back to NTLM otherwise. The exchange generally does not pass through HTTP proxies, so this method is suited to intranet sites whose clients are domain members rather than to the public Internet.
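To make the difference between the Basic and Digest schemes concrete, here is an added Python example written for this page; it is not code from the original post or from IIS. The user name, password, realm and URI are constructed sample values, and the nonces are generated locally rather than taken from a real server. The Digest computation follows RFC 2617 with qop=auth (the usual form). It shows that a Basic header decodes straight back to the password, and that although a Digest response hides the password, anyone holding the captured challenge and response can still test guesses offline, which is why both schemes belong behind HTTPS.

```python
import base64
import hashlib
import secrets


def basic_header(username, password):
    """Build the Authorization header a browser sends for Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_basic_credentials(header):
    """What a passive observer gets from a Basic header on plain HTTP: Base64 is
    an encoding, not encryption, so the user name and password come back verbatim."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, pwd = base64.b64decode(token).decode().partition(":")
    return user, pwd


def _md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest response for qop=auth:
    HA1 = MD5(user:realm:password), HA2 = MD5(method:uri),
    response = MD5(HA1:nonce:nc:cnonce:qop:HA2). The password never leaves the client."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def simulate_digest_exchange(username, password, realm, method, uri):
    """Server challenge (WWW-Authenticate: Digest ...) followed by the client's
    Authorization: Digest ... reply, reduced to the fields an eavesdropper would see.
    Nonce values are generated here (constructed), not taken from a real IIS server."""
    nonce = secrets.token_hex(16)    # chosen by the server
    cnonce = secrets.token_hex(8)    # chosen by the client
    nc = "00000001"                  # nonce use count
    return {
        "username": username, "realm": realm, "method": method, "uri": uri,
        "nonce": nonce, "nc": nc, "cnonce": cnonce,
        "response": digest_response(username, password, realm, method, uri, nonce, nc, cnonce),
    }


def offline_digest_guess(captured, wordlist):
    """Everything in the digest except the password is visible on the wire, so a
    captured exchange can be attacked offline: recompute the response for each
    candidate password and compare. Returns the matching password, or None."""
    for candidate in wordlist:
        attempt = digest_response(captured["username"], candidate, captured["realm"],
                                  captured["method"], captured["uri"], captured["nonce"],
                                  captured["nc"], captured["cnonce"])
        if attempt == captured["response"]:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample credentials; not taken from any real system.
    hdr = basic_header("alice", "Winter2012!")
    print("Basic header on the wire:", hdr)
    print("Recovered by an observer:", recover_basic_credentials(hdr))

    seen = simulate_digest_exchange("alice", "Winter2012!", "iis.example.local",
                                    "GET", "/secure/report.aspx")
    print("Digest response on the wire:", seen["response"])
    print("Offline guess from a small wordlist:",
          offline_digest_guess(seen, ["password", "Summer2011!", "Winter2012!"]))
```

Run the script directly to see both exchanges. The offline guess succeeds only because the password is in the small constructed wordlist; against a long random password the search is impractical, which is the whole of Digest's protection, and it is why Digest should still be paired with an HTTPS binding.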


In addition to these, IIS 7 supports the following authentication method:
1)      IIS Client Certificate Mapping Authentication
A certificate is a digitally signed statement that contains information about an entity and the entity's public key, binding these two pieces of information together. A trusted organization called a Certification Authority (CA) issues a certificate after it verifies that the entity is who it claims to be. Certificates can contain different types of data. For example, an X.509 certificate includes the certificate format version, the serial number, the algorithm used to sign the certificate, the name of the issuing CA, the name and public key of the entity the certificate was issued to, the validity period, and the CA's signature. X.509 client certificates simplify authentication for large user bases because they do not rely on a centralized account database: the server verifies a certificate by checking the CA's signature against a trusted root, the validity period and the revocation status, without looking the user up anywhere. Because the client certificate is presented during the SSL/TLS handshake, this method requires an HTTPS binding on the site. IIS then maps the certificate to a Windows account, either one-to-one (a specific certificate maps to a specific account) or many-to-one (certificates whose issuer or subject fields match a rule map to a shared account).
