Share via


FpcCredentialsDelegationType Enumeration

The FpcCredentialsDelegationType enumerated type contains values that specify the type of credentials that may be delegated to the published server for a Web publishing rule.

Syntax

typedef enum FpcCredentialsDelegationType {
  fpcDelegationNonePassThrough       = 0,
  fpcDelegationNoneBlock             = 1,
  fpcDelegationSecurID               = 2,
  fpcDelegationBasic                 = 3,
  fpcDelegationNTLM                  = 4,
  fpcDelegationSPNEGO                = 5,
  fpcDelegationKerberosConstrained   = 6
} FpcCredentialsDelegationType;

Constants

  • fpcDelegationNonePassThrough
    The client's credentials are allowed to pass through the Forefront TMG computer to the Web server without any processing. The client and the Web server then negotiate the authentication method. This value is typically used in a scenario where the Web server requires some proprietary form of authentication and corresponds to the No delegation, but client may authenticate directly option in Forefront TMG Management.

  • fpcDelegationNoneBlock
    No delegation of any credentials is allowed. If the published Web server requires authentication, Forefront TMG will not pass the authentication request to the client, and the client request will be denied. This value corresonds to the No delegation, and client cannot authenticate directly option in Forefront TMG Management.

  • fpcDelegationSecurID
    Delegation of credentials in the form of an RSA SecurID cookie is allowed. This value corresonds to the RSA SecurID option in Forefront TMG Management.

  • fpcDelegationBasic
    Credentials for Basic authentication may be forwarded in plaintext to the Web server. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Basic authentication option in Forefront TMG Management.

  • fpcDelegationNTLM
    Delegation using the NTLM challenge/response authentication protocol is allowed. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the NTLM authentication option in Forefront TMG Management.

  • fpcDelegationSPNEGO
    Delegation using the Simple and Protected Negotiation (SPNEGO) protocol is allowed. If Forefront TMG can obtain a Kerberos ticket for the client from the domain controller, it uses Kerberos constrained delegation. If Forefront TMG cannot obtain a Kerberos ticket, it falls back to NTLM. The Web server must be configured to accept Integrated authentication. If authentication fails, Forefront TMG provides the failure notice from the Web server to the client. If the Web server requires credentials of a different type, a Forefront TMG alert is triggered. This value corresonds to the Negotiate (Kerberos/NTLM) option in Forefront TMG Management.

  • fpcDelegationKerberosConstrained
    Kerberos constrained delegation is allowed. This value corresonds to the Kerberos constrained delegation option in Forefront TMG Management.

Requirements

Client Requires Windows 7 or Windows Vista.
Server Requires Windows Server 2008 R2 or Windows Server 2008 x64 Edition with SP2.
Version Requires Forefront Threat Management Gateway (TMG) 2010.
Header

Declared in Comenum.h.

See Also

Enumerated Types

Send comments about this topic to Microsoft

Build date: 6/30/2010