Authentication: Stsadm operation (Office SharePoint Server)

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Operation name: Authentication

Description

Authentication is the process by which Microsoft Office SharePoint Server 2007 verifies who the user is. Authentication provides the user identity input to the authorization process, which determines which actions the current user is allowed to perform on a given object.

The administrator can select any one of the following authentication settings when a Web application is provisioned:

  • Windows authentication: Allows Internet Information Services (IIS) to perform the authentication for Office SharePoint Server 2007, for example by using Kerberos, NTLM, Basic, or certificates.

  • Forms-based authentication: Allows ASP.NET to perform the authentication for Office SharePoint Server 2007, for example by redirecting to a login page.

Syntax

stsadm -o authentication
   -url <URL name>
   -type <type>
   [-usebasic]
   [-usewindowsintegrated]
   [-exclusivelyusentlm]
   [-membershipprovider <membership provider name>]
   [-rolemanager <role manager name>]
   [-enableclientintegration]
   [-allowanonymous]

Parameters

Parameter: url
Value: A valid URL, such as http://server_name
Required? Yes
Description: The URL of the Web application for which the authentication settings are being applied to the content database.

Parameter: type
Value: Any of the following values:

  • Windows

  • Forms

  • Other Values

Required? Yes
Description: The type of authentication that you want to use for a zone. Settings are trimmed depending on which value is selected.

By default, Windows authentication is used.

Parameter: usebasic
Value: <none>
Required? No
Description: Basic is the simplest form of authentication. Basic authentication will continue to be supported by using Windows credentials with or without SSL.

IIS only supports basic authentication over Windows accounts. Developers can plug in their own authentication.

Note: When basic authentication is used, passwords are sent in clear text.

Parameter: usewindowsintegrated
Required? No
Description: This is the IIS default configuration. This setting is used as the default for a basic or "one-click" setup.

Parameter: exclusivelyusentlm
Required? No
Description: If this parameter is present, Kerberos authentication is removed for this Web application.

Parameter: membershipprovider
Required? No
Description: This value is used only when a value other than Windows is specified for the type parameter.

The membership provider must be correctly configured in the Web.config file for the IIS Web site that hosts Office SharePoint Server 2007 content on each Web server. If you want to be able to manage membership users from Central Administration, it must also be added to the Web.config file for the IIS site that hosts Central Administration.

Parameter: rolemanager
Required? No
Description: The role provider must be correctly configured in the Web.config file for the IIS Web site that hosts Office SharePoint Server 2007 content on each Web server. If you want to be able to manage membership users from Central Administration, it must also be added to the Web.config file for the IIS site that hosts Central Administration.

Parameter: enableclientintegration
Value: <none>
Required? No
Description: A value of "Yes" enables features that start client applications according to document types. This option might not work correctly with some types of forms-based authentication.

A value of "No" disables features that start client applications according to document types. Users must download documents locally, and then upload them after making changes.

Note: If this parameter is used, it is treated as “Yes.”

Parameter: allowanonymous
Value: <none>
Required? No
Description: The default state for anonymous access during virtual server provisioning is off, regardless of the current IIS setting. The administrator needs to explicitly turn on anonymous access.

IIS anonymous access must be on for pluggable authentication. Anonymous requests must make it through IIS to get to the ASP.NET authentication system. There is no anonymous access choice when provisioning with forms-based authentication.

Note: Allowing anonymous access in IIS does not automatically make all Office SharePoint Server 2007 sites anonymously accessible. There is also Web-level anonymous access control, which also defaults to off. However, disabling anonymous access in IIS does disable anonymous access to all Office SharePoint Server 2007 sites on the Web application, because IIS rejects the request before code even runs.
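
The following is an added example, not part of the original documentation or of Stsadm: a small Python check that reviews a proposed stsadm -o authentication command line against the notes in the parameter descriptions above before it is run. The function names, the finding texts, the sample command lines and the rule that an https:// URL means SSL is in use are assumptions of this example.

```python
import shlex
from urllib.parse import urlparse

# Parameter names from the Syntax section: switches take no value, the rest take one.
SWITCHES = {"usebasic", "usewindowsintegrated", "exclusivelyusentlm",
            "enableclientintegration", "allowanonymous"}
VALUED = {"o", "url", "type", "membershipprovider", "rolemanager"}

def parse(cmdline):
    """Turn an stsadm command line into {parameter: value, or True for a switch}."""
    tokens = shlex.split(cmdline)[1:]          # drop the leading "stsadm"
    opts, i = {}, 0
    while i < len(tokens):
        name = tokens[i].lstrip("-").lower()
        if name in VALUED and i + 1 < len(tokens):
            opts[name] = tokens[i + 1]
            i += 2
        elif name in SWITCHES:
            opts[name] = True
            i += 1
        else:
            raise ValueError(f"unknown or incomplete parameter: {tokens[i]}")
    return opts

def review(cmdline):
    """Return a list of findings for one 'stsadm -o authentication' command line."""
    opts = parse(cmdline)
    if opts.get("o", "").lower() != "authentication":
        raise ValueError("not an authentication operation")
    findings = [f"missing required parameter -{p}" for p in ("url", "type") if p not in opts]
    auth_type = opts.get("type", "").lower()
    # Assumption: an https:// URL means the Web application is served over SSL.
    if "usebasic" in opts and urlparse(opts.get("url", "")).scheme.lower() != "https":
        findings.append("-usebasic without SSL: passwords are sent in clear text")
    if "exclusivelyusentlm" in opts:
        findings.append("-exclusivelyusentlm: Kerberos is removed for this Web application")
    if "allowanonymous" in opts:
        findings.append("-allowanonymous: IIS anonymous access on; review Web-level access")
    if auth_type == "windows" and "membershipprovider" in opts:
        findings.append("-membershipprovider: used only when -type is not Windows")
    if auth_type == "forms" and "enableclientintegration" in opts:
        findings.append("-enableclientintegration: might not work with some forms-based authentication")
    return findings

if __name__ == "__main__":
    # Constructed sample command line; server_name is the placeholder used on this page.
    sample = "stsadm -o authentication -url http://server_name -type Windows -usebasic -allowanonymous"
    for finding in review(sample):
        print(finding)
```

An empty list means none of the documented caveats apply to the command line as written; it does not check the Web.config provider configuration that membershipprovider and rolemanager depend on.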