Authentication
Client authentication can be handled by the web server, by the gatekeeper, or by both in series.
Web Server
You can configure the virtual directory through the Microsoft Internet Information Server (IIS) to require client authentication. Basic authentication requires the client to provide a username and password, which are verified by the web server. If clients are logged into the same Windows domain as the web server, you can also use Integrated Windows Authentication, which handles authentication without sending any passwords over the wire.
Similar options for basic authentication are available in Java-based web servers.
Gatekeeper
Your gatekeeper application handles client authentication based on another username and password pair that the client sends. The gatekeeper extracts these strings from the InitiateRequest message and then uses them to authenticate the client by whatever customized method you want.
How You Can Pass Credentials
The flags parameter of the Initiate method is used to communicate credential strings for HTTP authentication. Two separate pairs of credential strings are used:
The first username-password pair is provided to the web server (if the web server, or proxy server, configuration requires it).
The second username-password pair is passed through to the gatekeeper to interpret however it wants.
This overloading of the flags parameter for two pairs of credential strings requires some special formatting. The four items must be concatenated into a single string. To accommodate arbitrary password strings, there is no predetermined delimiter character. The first character of the flags parameter is taken as the delimiter, which delimits the next four fields. For example, if you choose the vertical bar (|) as the delimiter, you can pass two pairs of credentials, as follows:
|name1|password1|name2|password2
If you are not using web server authentication, and you need to pass credentials only to the gatekeeper application, you can leave the first two fields empty:
|||name2|password2
If your web server is configured to use Integrated Windows Authentication on an intranet domain, there is no need to pass explicit credential strings for the web server.
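The delimiter rule described above, as an added Python example that is not part of the product or its documentation: it builds a flags string with a delimiter that occurs in none of the four fields, and parses one back. The function names, the candidate delimiter list, and the strict rejection of anything other than four fields are assumptions made for illustration, not documented product behaviour.

```python
from typing import NamedTuple


class Credentials(NamedTuple):
    web_user: str             # first pair: web server (or proxy)
    web_password: str
    gatekeeper_user: str      # second pair: passed through to the gatekeeper
    gatekeeper_password: str


# Hypothetical candidate delimiters, tried in order.
CANDIDATES = "|~^#;:!\x1f"


def build_flags(creds: Credentials, candidates: str = CANDIDATES) -> str:
    """Return delimiter + four fields, using a delimiter absent from every field."""
    for delim in candidates:
        if not any(delim in field for field in creds):
            return delim + delim.join(creds)
    raise ValueError("every candidate delimiter occurs in a credential field")


def parse_flags(flags: str) -> Credentials:
    """Split a flags string on its first character; require exactly four fields."""
    if not flags:
        raise ValueError("empty flags string")
    delim, body = flags[0], flags[1:]
    fields = body.split(delim)
    if len(fields) != 4:
        # Report only the count so credential values never reach logs.
        raise ValueError(f"expected 4 fields, found {len(fields)}")
    return Credentials(*fields)


if __name__ == "__main__":
    # Constructed sample values.
    print(parse_flags("|||name2|password2"))
    tricky = Credentials("", "", "name2", "pa|ss~word")
    print(repr(build_flags(tricky)))      # delimiter falls through to '^'
    try:
        parse_flags("|||name2|pa|ss")     # fixed '|' collides with the password
    except ValueError as exc:
        print("rejected:", exc)
```

A sender that hard-codes the delimiter will mis-split any password containing that character, which is why the builder checks all four fields before choosing one.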