Configure Digest authentication for a claims-based Web application (SharePoint Server 2010)
Applies to: SharePoint Server 2010, SharePoint Foundation 2010
This article describes how to configure digest authentication for one or more zones within a Microsoft SharePoint Server 2010 claims-based Web application. A Web application is an IIS Web site thatSharePoint Server 2010 creates and uses. Zones represent different logical paths for gaining access to the same Web application. Within each Web application, you can create up to five zones. A different Web site in IIS represents each zone. Use zones to enforce different access and policy conditions for large groups of users. To configure digest authentication for one or more zones in a SharePoint Server 2010 Web application, use the IIS Management Console to directly configure IIS.
Although digest authentication provides the same functionality as basic authentication, digest authentication encrypts user credentials to increase security. User credentials are sent as an MD5 message digest in which the original user name and password cannot be deciphered. Digest authentication uses a challenge/response protocol that requires the authentication requestor to present valid credentials in response to a challenge from the server. To authenticate against the server, the client has to supply an MD5 message digest in a response that contains a shared secret password string. The MD5 Message-Digest Algorithm is described in detail in RFC 1321. For access to RFC 1321, see The Internet Engineering Task Force (http://go.microsoft.com/fwlink/p/?LinkId=159913).
To use digest authentication, note the following requirements:
The user and IIS server must be members of, or trusted by, the same domain.
Users must have a valid Windows user account stored in Active Directory Domain Services (AD DS) on the domain controller.
The domain must use a Microsoft Windows Server 2008 domain controller.
Configure IIS to enable digest authentication
Use the IIS Management Console to configure IIS to enable digest authentication for one or more of the following zones for a claims-based Web application:
The Default zone is the zone that is first created when a Web application is created. The other zones are created by extending a Web application.
To configure IIS to enable digest authentication
Verify that you have one of the following administrative credentials:
- You must be a member of the Administrators group on the server on which you are configuring IIS.
On the Start menu, point to All Programs, click Administrative Tools , and then click Internet Information Services (IIS) Manager to start the IIS Management Console.
Expand Sites on the console tree, right-click the IIS Web site that corresponds to the Web application zone on which you want to configure digest authentication.
In Features View, double-click Authentication.
On the Authentication page, select Digest Authentication.
In the Actions pane, click Enable to use Digest authentication with the default settings.
In the Actions pane, click Edit to enter a realm name.
In the Edit Digest Authentication Settings dialog box, in the Realm text box, type the appropriate realm and click OK.
At this point, the Web site is configured to use digest authentication.