The FpcCredentialsDelegationType enumerated type contains values that specify the type of credentials that may be delegated to the published server for a Web publishing rule.
typedef enum FpcCredentialsDelegationType {
fpcDelegationNonePassThrough
The client's credentials are allowed to pass through the Forefront TMG computer to the Web server without any processing. The client and the Web server then negotiate the authentication method. This value is typically used in a scenario where the Web server requires some proprietary form of authentication and corresponds to the No delegation, but client may authenticate directly option in Forefront TMG Management.
= 0, fpcDelegationNoneBlock
No delegation of any credentials is allowed. If the published Web server requires authentication, Forefront TMG will not pass the authentication request to the client, and the client request will be denied. This value corresonds to the No delegation, and client cannot authenticate directly option in Forefront TMG Management.
= 1, fpcDelegationSecurID
Delegation of credentials in the form of an RSA SecurID cookie is allowed. This value corresonds to the RSA SecurID option in Forefront TMG Management.
= 2, fpcDelegationBasic
Credentials for Basic authentication may be forwarded in plaintext to the Web server. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Basic authentication option in Forefront TMG Management.
= 3, fpcDelegationNTLM
Delegation using the NTLM challenge/response authentication protocol is allowed. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the NTLM authentication option in Forefront TMG Management.
= 4, fpcDelegationSPNEGO
Delegation using the Simple and Protected Negotiation (SPNEGO) protocol is allowed. If Forefront TMG can obtain a Kerberos ticket for the client from the domain controller, it uses Kerberos constrained delegation. If Forefront TMG cannot obtain a Kerberos ticket, it falls back to NTLM. The Web server must be configured to accept Integrated authentication. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Negotiate (Kerberos/NTLM) option in Forefront TMG Management.
= 5, fpcDelegationKerberosConstrained
Kerberos constrained delegation is allowed. This value corresonds to the Kerberos constrained delegation option in Forefront TMG Management.
= 6 } FpcCredentialsDelegationType;
The client's credentials are allowed to pass through the Forefront TMG computer to the Web server without any processing. The client and the Web server then negotiate the authentication method. This value is typically used in a scenario where the Web server requires some proprietary form of authentication and corresponds to the No delegation, but client may authenticate directly option in Forefront TMG Management.
No delegation of any credentials is allowed. If the published Web server requires authentication, Forefront TMG will not pass the authentication request to the client, and the client request will be denied. This value corresonds to the No delegation, and client cannot authenticate directly option in Forefront TMG Management.
Delegation of credentials in the form of an RSA SecurID cookie is allowed. This value corresonds to the RSA SecurID option in Forefront TMG Management.
Credentials for Basic authentication may be forwarded in plaintext to the Web server. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Basic authentication option in Forefront TMG Management.
Delegation using the NTLM challenge/response authentication protocol is allowed. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the NTLM authentication option in Forefront TMG Management.
Delegation using the Simple and Protected Negotiation (SPNEGO) protocol is allowed. If Forefront TMG can obtain a Kerberos ticket for the client from the domain controller, it uses Kerberos constrained delegation. If Forefront TMG cannot obtain a Kerberos ticket, it falls back to NTLM. The Web server must be configured to accept Integrated authentication. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Negotiate (Kerberos/NTLM) option in Forefront TMG Management.
Kerberos constrained delegation is allowed. This value corresonds to the Kerberos constrained delegation option in Forefront TMG Management.
| Client | Requires Windows Vista or Windows XP. |
|---|---|
| Server | Requires Windows Server 2008. |
| Version | Requires Forefront Threat Management Gateway (TMG). |
| Header |
Declared in Comenum.h. |
Send comments about this topic to Microsoft
Build date: 11/30/2009
© 2008 Microsoft Corporation. All rights reserved.