Authentication

You can configure your server to authenticate, or determine a user's Windows NT account identity, before allowing that user to establish a network connection with your server. However, user authentication occurs only when anonymous access is disabled or when the Windows NT File System (NTFS) permissions require users to identify themselves with a valid Windows NT account user name and password.

As a server administrator, you should carefully choose an authentication method that meets both your security requirements and the capabilities of your user's Web browser.

This section contains:

• About Authentication:   A useful conceptual overview of authentication.
• Selecting Authentication Methods:   A procedure for selecting an authentication method.
• Configuring the Anonymous Access Account:   Follow this important procedure for setting anonymous Web server access.
• Setting the Default Logon Domain:   A procedure for configuring the Basic authentication logon domain.
• Enabling Basic Authentication:   Steps for enabling your Web server's Basic authentication feature.
• Notifying Clients of Password Status:   A feature that allows administrators to notify clients of Windows NT password expiration status.
• Enabling Windows NT Challenge/Response Authentication:   A procedure for activating the cryptographic Challenge/Response authentication feature.
• Setting Up SSL on Your Server:   An overview procedure for setting up Secure Sockets Layer (SSL) on your server.
• Creating and Managing Server Key Pairs:   A procedure for creating and manipulating encryption key pairs.
• Obtaining a Server Certificate:   Learn how to obtain an server certificate needed to use SSL.
• Adding a Certificate Authority Certificate to Your Server:    Add new certificate authorities to your server's list of trusted issuing authorities.
• About Client Certificates:   Learn about digital identification authentication.
• Obtaining a Client Certificate:   An overview about obtaining user digital identifications, called client certificates.
• Enabling Client Certificates:   A procedure for enabling SSL authentication of client certificates.
• Obtaining Client Certificate Information with ASP:   Learn how to add to your Web pages an ASP sever-side script to that extracts and saves the contents of a user's client certificate to a text file.
• Mapping Client Certificates to User Accounts:   Use client certificates to connect users directly to Windows NT accounts.

This section does not contain information on:

• Regulating how users access your Web server files and directories; see Access Control.

© 1997 by Microsoft Corporation. All rights reserved.: