Forefront TMG can cache Basic and forms-based user credentials, improving the performance of revalidating the credentials for additional client requests. When credential caching is used, Forefront TMG validates the credentials once per TCP session, that is, for the first HTTP request of the session, and caches the credentials as validated. For subsequent HTTP requests, Forefront TMG validates the credentials by comparing them to the validated credentials that were cached in the first request.
You can enable credential caching in Web listener properties. This feature is enabled by default and caches credentials for 300 seconds.
Credential caching is supported for Active Directory Domain Services (AD DS) authentication, authentication over LDAP, and RADIUS authentication, and only when the client provides the credentials by using HTTP Basic authentication or forms-based authentication.