Overview of authentication in Forefront TMG

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Forefront TMG can allow or deny Web access to resources based on user authentication. Web authentication is used in the following scenarios:

The following table summarizes the methods and servers that are used in both scenarios.

| Authentication method | Web access | Web publishing | Authentication server |
|---|---|---|---|
| HTTP authentication: Basic | Yes | Yes | Active Directory Domain Services (AD DS) or Remote Authentication Dial-In User Service (RADIUS); Lightweight Directory Access Protocol (LDAP) for incoming requests only |
| HTTP authentication: Basic | Yes | Yes | AD DS, LDAP, or RADIUS |
| HTTP authentication: Digest/WDigest | Yes | Yes | AD DS |
| HTTP authentication: Integrated (NTLM) | Yes | Yes | AD DS |
| Client certificate | No (requests to upstream proxy server only) | Yes | AD DS |
| Forms-based authentication | No | Yes | AD DS, LDAP, RADIUS, RADIUS OTP, RSA SecurID |

For information about the methods and servers that are used in Web access and Web publishing authentication, see:

Concepts

Access design guide for Forefront TMG