Главная » Linux

What is windows basic authentication

Содержание
  1. Basic Authentication
  2. Overview
  3. Compatibility
  4. Setup
  5. Windows Server 2012 or Windows Server 2012 R2
  6. Windows 8 or Windows 8.1
  7. Windows Server 2008 or Windows Server 2008 R2
  8. Windows Vista or Windows 7
  9. How To
  10. How to enable basic authentication and disable anonymous authentication
  11. Configuration
  12. Attributes
  13. Child Elements
  14. Configuration Sample
  15. Sample Code
  16. Windows Authentication Overview
  17. Feature description
  18. Practical applications
  19. Software requirements
  20. Server Manager information

Basic Authentication

Overview

The element contains configuration settings for the Internet Information Services (IIS) 7 Basic authentication module. You configure this element to enable or disable Basic authentication, identify the realm and default logon domain, and determine the logon method the module uses.

The Basic authentication scheme is a widely used, industry-standard method for collecting user name and password information. Basic authentication transmits user names and passwords across the network in an unencrypted form. You can use SSL encryption in combination with Basic authentication to help secure user account information transmitted across the Internet or a corporate network.

Compatibility

Version Notes
IIS 10.0 The element was not modified in IIS 10.0.
IIS 8.5 The element was not modified in IIS 8.5.
IIS 8.0 The element was not modified in IIS 8.0.
IIS 7.5 The element was not modified in IIS 7.5.
IIS 7.0 The element was introduced in IIS 7.0.
IIS 6.0 The element replaces portions of the IIS 6.0 AuthType and AuthFlags metabase properties.

Setup

The default installation of IIS 7 and later does not include the Basic authentication role service. To use Basic authentication on Internet Information Services (IIS), you must install the role service, disable Anonymous authentication for your Web site or application, and then enable Basic authentication for the site or application.

To install the Basic authentication role service, use the following steps.

Windows Server 2012 or Windows Server 2012 R2

  1. On the taskbar, click Server Manager.
  2. In Server Manager, click the Manage menu, and then click Add Roles and Features.
  3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
  4. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select Basic Authentication. Click Next.
    .
  5. On the Select features page, click Next.
  6. On the Confirm installation selections page, click Install.
  7. On the Results page, click Close.

Windows 8 or Windows 8.1

  1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.
  3. Expand Internet Information Services, expand World Wide Web Services, expand Security, and then select Basic Authentication.
  4. Click OK.
  5. Click Close.

Windows Server 2008 or Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, select Basic Authentication, and then click Next.
  5. On the Confirm Installation Selections page, click Install.
  6. On the Results page, click Close.

Windows Vista or Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. Expand Internet Information Services, expand World Wide Web Services, expand Security, select Basic Authentication, and then click OK.

How To

How to enable basic authentication and disable anonymous authentication

Open Internet Information Services (IIS) Manager:

If you are using Windows Server 2012 or Windows Server 2012 R2:

  • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

If you are using Windows 8 or Windows 8.1:

  • Hold down the Windows key, press the letter X, and then click Control Panel.
  • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

If you are using Windows Server 2008 or Windows Server 2008 R2:

  • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

If you are using Windows Vista or Windows 7:

  • On the taskbar, click Start, and then click Control Panel.
  • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

In the Connections pane, expand the server name, expand Sites, and then click the site, application or Web service for which you want to enable basic authentication.

Scroll to the Security section in the Home pane, and then double-click Authentication.

In the Authentication pane, select Basic Authentication, and then, in the Actions pane, click Enable.

In the Authentication pane, select Anonymous Authentication, and then click Disable in the Actions pane.

Configuration

The element is configurable at the site, application, virtual directory, and URL level. After you install the role service, IIS 7 commits the following configuration settings to the ApplicationHost.config file.

Attributes

Attribute Description
defaultLogonDomain Optional String attribute.

Specifies the default logon domain for Basic authentication. enabled Optional Boolean attribute.

Specifies whether Basic authentication is enabled.

The default value is false . logonMethod Optional enum attribute.

The logonMethod attribute can be one of the following possible values. The default is ClearText .

Value Description
Batch This logon type is intended for batch servers, where processes may be executing on behalf of a user without that user’s direct intervention.

The numeric value is 1 .
ClearText This logon type preserves the name and password in the authentication package, which allows the server to make connections to other network servers while impersonating the client.

The numeric value is 3 .
Interactive This logon type is intended for users who will be using the computer interactively.

The numeric value is 0 .
Network This logon type is intended for high performance servers to authenticate plaintext passwords. Credentials are not cached for this logon type.

The numeric value is 2 .
realm Optional String attribute.

Specifies the realm for Basic authentication.

Child Elements

Configuration Sample

The following configuration sample enables Basic authentication for a Web site, Web application, or Web service. By default these settings must be included in your ApplicationHost.config file, and you must include them in a element and use the path attribute to define the Web site or application where you want to apply the authentication settings.

Sample Code

The following examples enable Basic authentication for a site.

Windows Authentication Overview

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

This navigation topic for the IT professional lists documentation resources for Windows authentication and logon technologies that include product evaluation, getting started guides, procedures, design and deployment guides, technical references, and command references.

Feature description

Authentication is a process for verifying the identity of an object, service or person. When you authenticate an object, the goal is to verify that the object is genuine. When you authenticate a service or person, the goal is to verify that the credentials presented are authentic.

In a networking context, authentication is the act of proving identity to a network application or resource. Typically, identity is proven by a cryptographic operation that uses either a key only the user knows — as with public key cryptography — or a shared key. The server side of the authentication exchange compares the signed data with a known cryptographic key to validate the authentication attempt.

Storing the cryptographic keys in a secure central location makes the authentication process scalable and maintainable. Active Directory Domain Services is the recommended and default technology for storing identity information (including the cryptographic keys that are the user’s credentials). Active Directory is required for default NTLM and Kerberos implementations.

Authentication techniques range from a simple logon, which identifies users based on something that only the user knows — like a password, to more powerful security mechanisms that use something that the user has — like tokens, public key certificates, and biometrics. In a business environment, services or users might access multiple applications or resources on many types of servers within a single location or across multiple locations. For these reasons, authentication must support environments for other platforms and for other Windows operating systems.

The Windows operating system implements a default set of authentication protocols, including Kerberos, NTLM, Transport Layer Security/Secure Sockets Layer (TLS/SSL), and Digest, as part of an extensible architecture. In addition, some protocols are combined into authentication packages such as Negotiate and the Credential Security Support Provider. These protocols and packages enable authentication of users, computers, and services; the authentication process, in turn, enables authorized users and services to access resources in a secure manner.

For more information about Windows Authentication including

Practical applications

Windows Authentication is used to verify that the information comes from a trusted source, whether from a person or computer object, such as another computer. Windows provides many different methods to achieve this goal as described below.

To. Feature Description
Authenticate within an Active Directory domain Kerberos The Microsoft WindowsВ Server operating systems implement the Kerberos version 5 authentication protocol and extensions for public key authentication. The Kerberos authentication client is implemented as a security support provider (SSP) and can be accessed through the Security Support Provider Interface (SSPI). Initial user authentication is integrated with the Winlogon single sign-on architecture. The Kerberos Key Distribution Center (KDC) is integrated with other Windows Server security services running on the domain controller. The KDC uses the domain’s Active Directory directory service database as its security account database. Active Directory is required for default Kerberos implementations.

For additional resources, see Kerberos Authentication Overview.
Secure authentication on the web TLS/SSL as implemented in the Schannel Security Support Provider The Transport Layer Security (TLS) protocol versions 1.0, 1.1, and 1.2, Secure Sockets Layer (SSL) protocol, versions 2.0 and 3.0, Datagram Transport Layer Security protocol version 1.0, and the Private Communications Transport (PCT) protocol, version 1.0, are based on public key cryptography. The Secure Channel (Schannel) provider authentication protocol suite provides these protocols. All Schannel protocols use a client and server model.

For additional resources, see TLS — SSL (Schannel SSP) Overview.
Authenticate to a web service or application Integrated Windows Authentication

Digest Authentication

 For additional resources, see Integrated Windows Authentication and Digest Authentication, and Advanced Digest Authentication.
Authenticate to legacy applications NTLM NTLM is a challenge-response style authentication protocol.In addition to authentication, the NTLM protocol optionally provides for session security—specifically message integrity and confidentiality through signing and sealing functions in NTLM.

For additional resources, see NTLM Overview.
Leverage multifactor authentication Smart card support

Biometric support

 Smart cards are a tamper-resistant and portable way to provide security solutions for tasks such as client authentication, logging on to domains, code signing, and securing e-mail.

Biometrics relies on measuring an unchanging physical characteristic of a person to uniquely identify that person. Fingerprints are one of the most frequently used biometric characteristics, with millions of fingerprint biometric devices that are embedded in personal computers and peripherals.

For additional resources, see Smart Card Technical Reference.
Provide local management, storage and reuse of credentials Credentials management

Local Security Authority

Passwords

 Credential management in Windows ensures that credentials are stored securely. Credentials are collected on the Secure Desktop (for local or domain access), through apps or through websites so that the correct credentials are presented every time a resource is accessed.

Extend modern authentication protection to legacy systems Extended Protection for Authentication This feature enhances the protection and handling of credentials when authenticating network connections by using Integrated Windows Authentication (IWA).

Software requirements

Windows Authentication is designed to be compatible with previous versions of the Windows operating system. However, improvements with each release are not necessarily applicable to previous versions. Refer to documentation about specific features for more information.

Server Manager information

Many authentication features can be configured using Group Policy, which can be installed using Server Manager. The Windows Biometric Framework feature is installed using Server Manager. Other server roles which are dependent upon authentication methods, such as Web Server (IIS) and Active Directory Domain Services, can also be installed using Server Manager.

Читайте также:  Windows 10 free upgrade window
Оцените статью
© 2024 Советы по настройке компьютера