FpcCredentialsDelegationType Enumeration

The FpcCredentialsDelegationType enumerated type contains values that specify the type of credentials that may be delegated to the published server for a Web publishing rule.

Syntax

typedef enum FpcCredentialsDelegationType {
  fpcDelegationNonePassThrough
fpcDelegationNonePassThrough

The client's credentials are allowed to pass through the Forefront TMG computer to the Web server without any processing. The client and the Web server then negotiate the authentication method. This value is typically used in a scenario where the Web server requires some proprietary form of authentication and corresponds to the No delegation, but client may authenticate directly option in Forefront TMG Management.

	 = 0,
  fpcDelegationNoneBlock
fpcDelegationNoneBlock

No delegation of any credentials is allowed. If the published Web server requires authentication, Forefront TMG will not pass the authentication request to the client, and the client request will be denied. This value corresonds to the No delegation, and client cannot authenticate directly option in Forefront TMG Management.

			 = 1,
  fpcDelegationSecurID
fpcDelegationSecurID

Delegation of credentials in the form of an RSA SecurID cookie is allowed. This value corresonds to the RSA SecurID option in Forefront TMG Management.

			 = 2,
  fpcDelegationBasic
fpcDelegationBasic

Credentials for Basic authentication may be forwarded in plaintext to the Web server. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Basic authentication option in Forefront TMG Management.

				 = 3,
  fpcDelegationNTLM
fpcDelegationNTLM

Delegation using the NTLM challenge/response authentication protocol is allowed. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the NTLM authentication option in Forefront TMG Management.

				= 4,
  fpcDelegationSPNEGO
fpcDelegationSPNEGO

Delegation using the Simple and Protected Negotiation (SPNEGO) protocol is allowed. If Forefront TMG can obtain a Kerberos ticket for the client from the domain controller, it uses Kerberos constrained delegation. If Forefront TMG cannot obtain a Kerberos ticket, it falls back to NTLM. The Web server must be configured to accept Integrated authentication. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Negotiate (Kerberos/NTLM) option in Forefront TMG Management.

				= 5,
  fpcDelegationKerberosConstrained
fpcDelegationKerberosConstrained

Kerberos constrained delegation is allowed. This value corresonds to the Kerberos constrained delegation option in Forefront TMG Management.

   = 6
} FpcCredentialsDelegationType;

Constants

fpcDelegationNonePassThrough

The client's credentials are allowed to pass through the Forefront TMG computer to the Web server without any processing. The client and the Web server then negotiate the authentication method. This value is typically used in a scenario where the Web server requires some proprietary form of authentication and corresponds to the No delegation, but client may authenticate directly option in Forefront TMG Management.

fpcDelegationNoneBlock

No delegation of any credentials is allowed. If the published Web server requires authentication, Forefront TMG will not pass the authentication request to the client, and the client request will be denied. This value corresonds to the No delegation, and client cannot authenticate directly option in Forefront TMG Management.

fpcDelegationSecurID

Delegation of credentials in the form of an RSA SecurID cookie is allowed. This value corresonds to the RSA SecurID option in Forefront TMG Management.

fpcDelegationBasic

Credentials for Basic authentication may be forwarded in plaintext to the Web server. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Basic authentication option in Forefront TMG Management.

fpcDelegationNTLM

Delegation using the NTLM challenge/response authentication protocol is allowed. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the NTLM authentication option in Forefront TMG Management.

fpcDelegationSPNEGO

Delegation using the Simple and Protected Negotiation (SPNEGO) protocol is allowed. If Forefront TMG can obtain a Kerberos ticket for the client from the domain controller, it uses Kerberos constrained delegation. If Forefront TMG cannot obtain a Kerberos ticket, it falls back to NTLM. The Web server must be configured to accept Integrated authentication. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Negotiate (Kerberos/NTLM) option in Forefront TMG Management.

fpcDelegationKerberosConstrained

Kerberos constrained delegation is allowed. This value corresonds to the Kerberos constrained delegation option in Forefront TMG Management.

Requirements

Client Requires Windows Vista or Windows XP.
Server Requires Windows Server 2008.
Version Requires Forefront Threat Management Gateway (TMG).
Header

Declared in Comenum.h.

See Also

Enumerated Types


Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.