Forefront TMG can allow or deny Web access to resources based on user authentication. Web authentication is used in the following scenarios:
- Web access—Outbound Web proxy requests. For information about the authentication process, see Planning for Web access authentication.
- Web publishing—Incoming requests for published servers. For information about the authentication process, see About authentication in Web publishing.
The following table summarizes the authentication methods and authentication servers that are used in both scenarios.
Authentication method | Web access | Web publishing | Authentication Server |
---|---|---|---|
HTTP authentication: Basic | Yes | Yes | Active Directory Domain Services (AD DS) or Remote Authentication Dial-In User Service (RADIUS); Lightweight Directory Access Protocol (LDAP) for incoming requests only |
HTTP authentication: Basic | Yes | Yes | AD DS, LDAP, or RADIUS |
HTTP authentication: Digest/WDigest | Yes | Yes | AD DS |
HTTP authentication: Integrated (NTLM) | Yes | Yes | AD DS |
Client certificate | No (requests to upstream proxy server only) | Yes | AD DS |
Forms-based authentication | No | Yes | AD DS, LDAP, RADIUS, RADIUS OTP, RSA SecurID |
For information about the methods and servers that are used in Web access and Web publishing authentication, see: