 Note: |
|---|
| This topic provides an overview of Web access authentication in Forefront TMG. For detailed information and the most up-to-date documentation, please see the Forefront TMG TechNet Library (http://go.microsoft.com/fwlink/?LinkID=131702). |
Forefront TMG enables you to request internal users to authenticate before they are allowed to access the Internet.
You can use one of the following methods to specify that authentication is required for Web access requests:
- Require users to authenticate whenever they
request Web access. Every Web session requires authentication.
When using this method, note the following:
- Anonymous Web access is disabled.
- Forefront TMG requests user credentials and
validates them before it checks the request against the Firewall
policy. If users fail to authenticate, their access request is
denied.
- This method is defined per network. Most
non-interactive clients, such as, the Windows Update client, cannot
authenticate, and are therefore denied access.
- Anonymous Web access is disabled.
- Require users to authenticate for specific
rules—You can configure individual access rules to require
authentication, so that authentication is required only for
requests that are checked against those rules. Using this method,
the requirement to authenticate is part of the access rule. For
more information about access rules and processing requests, see
Planning to
control network access.
| Note: |
|---|
| If authentication is not required, internal users can access the Internet without identifying themselves. |