HttpAuthenticationMode Enumeration

Specifies the authentication modes that the Business Data Catalog can use to authenticate against Web service systems.

Namespace:  Microsoft.Office.Server.ApplicationRegistry.SystemSpecific.WebService
Assembly:  Microsoft.SharePoint.Portal (in Microsoft.SharePoint.Portal.dll)

Syntax

Visual Basic

'Declaration
Public Enum HttpAuthenticationMode
'Usage
Dim instance As HttpAuthenticationMode

C#

public enum HttpAuthenticationMode

Members

Member name Description
PassThrough

Pass-through authentication refers to the ability of the operating system to pass a client's authentication information to the back-end server. The Business Data Catalog supports pass-through authentication for both database and Web service connections. When you use pass-through authentication, you simply authenticate as the identity of the end user.

When the Business Data Catalog is used for crawling, it runs in the filter daemon process, mssdmn.exe. To access the back-end content source, the threads in the filter daemon process impersonate the content access account associated with that back-end content source.

When the Business Data Catalog is accessed from a Web page, it runs in the Microsoft Internet Information Services (IIS) worker process, w3wp.exe. The identity of this process is the IIS application pool account impersonating the logged-on user. To avoid losing the logged-on user’s identity when the Business Data Catalog authenticates to the back-end server, you must enable Kerberos delegation between the server running IIS and the other computer. Kerberos delegation enables a receiving server to send the authentication request to the proper location.

A drawback to using pass-through authentication is that the operating system exposes only the user name and password. Therefore, if a company uses two-factor authentication (that is, users are required to have some specific—private—information in addition to a user name and password), you cannot use pass-through authentication.

Despite these drawbacks, simplicity of use makes pass-through authentication a good candidate for use in a testing environment. You might also use it if the destination server uses anonymous authentication or SSL connections.

RevertToSelf

If a user logs on with Windows Authentication, IIS impersonates that particular account. So while IIS runs under the Application Pool Identity, it impersonates the logged-on user, and the request runs under the user’s impersonation before it is passed forward.

RevertToSelf authentication allows you to revert this impersonation and authenticate as the underlying account that is configured for the IIS Application Pool.

Caution

If custom code uses RevertToSelf() for authentication, it can grant users system-level privileges on the back-end servers by granting privileges to the Application Pool Identity. Therefore, you should never run any custom code on a production system until it has been thoroughly tested.

Credentials

Microsoft Office SharePoint Server 2007 authenticates to Web service systems by using credentials from its default SSO service that are not Windows Authentication credentials. These credentials are used for basic or digest authentication, depending on the configuration of the Web services server. Because basic and digest authentication do not adequately protect credentials, you should use SSL or IPSec or both to secure communication between the Web services server and the server running the Business Data Catalog.

WindowsCredentials

Microsoft Office SharePoint Server 2007 authenticates by using Microsoft Windows credentials from its default single sign-on (SSO) service.

See Also

Reference

Microsoft.Office.Server.ApplicationRegistry.SystemSpecific.WebService Namespace