Share via


Authentication: Stsadm operation (Windows SharePoint Services)

Applies To: Windows SharePoint Services 3.0

 

Topic Last Modified: 2007-06-08

Operation name: Authentication

Description

Authentication is the process by which Windows SharePoint Services 3.0 verifies who the user is. Authentication provides the user identity input to the authorization process, which determines which actions the current user is allowed to perform on a given object.

The administrator can select any one of the following authentication settings when a Web application is provisioned:

  • Windows authentication- Allows Internet Information Services (IIS) to perform the authentication for Windows SharePoint Services 3.0, for example, Kerberos, NTLM, Basic, Certificates, etc.

  • Forms-based authentication- Allows ASP.NET to perform the authentication for, for example, Windows SharePoint Services 3.0 redirect to a login page.

  • Other, such as WebSSO.

Syntax

stsadm -o authentication

**   -url <URL name>**

**   -type <type>**

**\[-usebasic\]**

**\[-usewindowsintegrated\]**

**\[-exclusivelyusentlm\]**

**\[-membershipprovider\] \<membership provider name\>**

**\[-rolemanager\] \<role manager name\>**

**\[-enableclientintegration\]**

**\[-allowanonymous\]**

Parameters

Parameter

Value

Required?

Description

url

A valid URL, such as http://server_name

Yes

The URL of the Web application to which the authentication settings is being applied to the content database

type

Any of the following values:

  • Windows

  • Forms

  • Other Values

Yes

Type of authentication you want to use for a zone. Settings are trimmed depending on what value is selected.

By default, Windows authentication is used.

usebasic

<none>

No

Basic is the simplest form of authentication. Basic authentication will continue to be supported by using Windows credentials with or without SSL.

IIS only supports basic authentication over Windows accounts. Developers can plug in their own authentication.

Note

When basic authentication is used, passwords are sent in clear text.

usewindowsintegrated

No

This is the IIS default configuration. This setting is used as the default for a basic or "one-click" setup.

exclusivelyusentlm

No

If this parameter is present, Kerberos authentication is removed for this Web application.

membershipprovider

No

This value is used only when a value other than Windows from the type parameter is specified.

The membership provider must be correctly configured in the Web.config file for the IIS Web site that hosts Windows SharePoint Services 3.0 content on each Web server. If you want to be able to manage membership users from Central Administration, it must also be added to the Web.config file for the IIS site that hosts Central Administration.

rolemanager

No

The role provider must be correctly configured in the Web.config file for the IIS Web site that hosts Windows SharePoint Services 3.0 content on each Web server. If you want to be able to manage membership users from Central Administration, it must also be added to the Web.config file for the IIS site that hosts Central Administration.

enableclientintegration

<none>

No

A value of "Yes" enables features that start client applications according to document types. This option might not work correctly with some types of forms-based authentication.

A value of "No" disables features that start client applications according to document types. Users must download documents locally, and then upload them after making changes.

Note

If this parameter is used, it is treated as “Yes.”

allowanonymous

<none>

No

The default state for anonymous access during virtual server provisioning is off regardless of the current IIS setting. The administrator needs to explicitly turn on anonymous access.

In non-Windows authentication mode, Windows SharePoint Services 3.0 automatically allows anonymous access at the IIS level, but blocks anonymous access at the Web.config file with a deny entry. If this parameter is used then anonymous access is allowed to the Web.config file.

Note

Allowing anonymous access in IIS does not automatically make all Windows SharePoint Services 3.0 sites anonymously accessible. There is Web-level anonymous access control as well which also defaults to off. However, disabling anonymous access in IIS does disable anonymous access to all Windows SharePoint Services 3.0 sites on the Web application because IIS rejects the request before code even runs.