Choosing an Authentication Method

when the Aptify website is installed, the authentication method for the site is set to Anonymous Authentication with SSL. This is done so to support both trusted and untrusted (SQL‐based) users. To implement this feature, the authentication of a user’s credentials is handled entirely through the Aptify site and the SOA layer. Anonymous Authentication is used because the authentication is not a function of IIS and the browser like with Basic or Windows Authentication. However, there may be an occasion when you want to use Basic or Windows Authentication, for example when your implementation requires a single sign‐on. Below are things to keep in mind when choosing your organization’s authentication method:

• If you want to support untrusted (SQL) users, you must use Anonymous Authentication.
• By default, when Aptify is installed, only trusted (Windows Domain) users are accepted. if you want to accept both trusted and untrusted users, additional steps are needed. See Configuring SQL Server User for details.
• Note that Anonymous Authentication (like Basic Authentication) passes username and password information (as well as the token that is generated when the credentials are passed) in clear text, the site must be secured with SSL to protect login credentials.
• If you want to use Windows or Basic Authentication, additional steps are needed to disable the Aptify login dialog. See Configuring Windows or Basic Authentication for more details.