Overview of client authentication
Microsoft Forefront Threat Management Gateway can allow access to resources based on user authentication. User authentication is used in a range of scenarios, summarized in the following table:
| Authentication method | Outbound Web proxy requests | Incoming requests for published servers | Authentication Server |
|---|---|---|---|
HTTP authentication: Basic |
Yes |
Yes |
Active Directory or RADIUS LDAP (incoming requests only) |
HTTP authentication: Basic |
Yes |
Yes |
Active Directory, LDAP, or RADIUS |
HTTP authentication: Digest/WDigest |
Yes |
Yes |
Active Directory |
HTTP authentication: Integrated (NTLM) |
Yes |
Yes |
Active Directory |
Client certificate |
No (requests to upstream proxy server only) |
Yes |
Active Directory |
Forms-based authentication |
No |
Yes |
Active Directory, LDAP, RADIUS, RADIUS OTP, RSA SecurID |
This section describes how Forefront TMG manages authentication. It provides information about authentication and delegation methods supported by Forefront TMG and how the authentication process is handled.