The ProtectionScenario enumeration specifies the protection scenario enforced by the policy.
public enum class ProtectionScenario
public enum ProtectionScenario
type ProtectionScenario =
Public Enum ProtectionScenario
|TransportSelected TransportSelected TransportSelected TransportSelected||0||
The transport will select between a secure and standard protection scenario depending on the type of channel used. For secure protection, integrated Windows authentication is wrapped in a secure channel and has an exactly matching channel binding token with no Service Provider Name (SPN) validation. For standard protection, integrated Windows authentication is optionally wrapped in a secure channel with an optional channel binding token and SPN validation is required. So if the request comes through a secure channel, the channel binding token (CBT) is checked, otherwise the SPN is checked.
|TrustedProxy TrustedProxy TrustedProxy TrustedProxy||1||
Integrated Windows authentication is wrapped in a secure channel terminated by a trusted proxy and has a channel binding token with SPN validation required. This requires the presence of a CBT, but the CBT is not checked while the SPN is checked.