Nigel Whitworth's Development Site


What are the different types of website authentication?

There are four types of Windows authentication you can use for a website: Anonymous, Basic, Certificate, Digest and Integrated. Which is right for your website depends on your needs.

Anonymous
Public-facing websites use this form of authentication; otherwise no one would be able to access your site. In IIS, there is an IUSR_Machine_Name user, where Machine_Name is the name of your server. The system will prevent any user from accessing a page that the user does not have the necessary rights to access. If you are using more than one method of authentication and Anonymous is one of them, IIS will try to authenticate using this method first.

Basic
Basic is the method most commonly supported by web browsers. The username and password are transmitted from browser to server in plain text, albeit in Base64 encoding. If the credentials are rejected, the browser will prompt again and again until they are either accepted or finally rejected. If the computer you are using is being monitored, then whoever is doing the monitoring can see your details. Integrated takes precedence over Basic.

Certificate
Using the browser's Secure Sockets Layer (SSL), a website can make use of certificates to provide an additional layer of authentication. There are two types of certificate: server and client. The former is copied to the client's machine to say that the website is authentic, and the latter does the opposite: it says that a client accessing the website is genuine. The certificates contain information about the party that the certificate is coming from.

Digest
Digest authentication requires that the server you are using has Active Directory turned on. It is similar to Basic, but the data is transmitted slightly differently. Authentication details are encrypted but never decrypted. That may sound slightly silly, but read on. The server sends the browser a hash code. The browser adds the hash code to the user's credentials and then sends the result back to the server. The server compares the hash code of what the browser transmitted with a hashed value that it has made up from the user's correct details. If the hashes match, access is given. Additional information about the computer's user is sent along with the logon details.

Integrated
Integrated Windows Authentication is best used when working in an intranet/VPN system. The user would already have logged onto a Windows network. The server and the client will already have been validated against one another. It uses the Kerberos encryption method to provide safe, secure access.

