The web server, the gatekeeper, or both, handle client authentication in series.

You can configure the virtual directory through the Microsoft Internet Information Server (IIS) to get client authentication. Basic authentication requires the client to provide a username and password, which are verified by the web server. If clients are logged into the same Windows domain as the web server, you can also use Integrated Windows Authentication, which handles authentication without sending any passwords over the wire.

Similar options for basic authentication are available in Java-based web servers.

Your gatekeeper application handles client authentication based on another username and password pair that the client sends. The gatekeeper extracts these strings from the InitiateRequest message and then uses them to authenticate the client by whatever customized method you want.

The flags parameter of the Initiate method is used to communicate credential strings for HTTP authentication. Two separate pairs of credential strings are used:

This overloading of the flags parameter for two pairs of credential strings requires some special formatting. The four items must be concatenated into a single string. To accommodate arbitrary password strings, there is no predetermined delimiter character. The first character of the flags parameter is taken as the delimiter, which delimits the next four fields. For example, if you choose the vertical bar (|) as the delimiter, you can pass two pairs of credentials, as follows:

If you are not using web server authentication, and you need to pass credentials only to the gatekeeper application, you can leave the first two fields empty:

If your web server is configured to use Integrated Windows Authentication on an intranet domain, there is no need to pass explicit credential strings for the web server.