Self Service & Analyst Portal - Community
Direct link to topic in this publication:
Forms Authentication is an authentication method that prompts the user to enter a username and password in a login form. The password and username are sent to the web server and authenticated by the web server using Active Directory as the authority. If the credentials are authenticated the user receives an authentication token which is stored in the browser and used to authenticate the user from that point forward for that particular session. If the session expires, the user will be required to reenter the username and password.
The user has the option of checking the 'Remember me' checkbox on the login screen to securely store a login token in a cookie on the users local computer that can be used to authenticate instead of entering credentials for each session. The cookie will last as long as the configuration is set to last (default: 365 days) or until the user's password changes and the authentication token is therefore no longer valid. Once the user is authenticated by Active Directory, the Cireson Portal web site will create a connection to System Center Service Manager by securely passing the encrypted username and password to the System Center Data Access Service on the Service Manager management server. The Data Access Service will then authenticate the credentials with Active Directory as well and if the credentials are valid and the user has permission to connect to Service Manager, a connection object will be created in the Cireson Portal web site and stored in memory.
Because the username and password are sent on the network when using forms authentication, it is essential to use HTTPS/SSL to encrypt the traffic on the network between the browser and the server so that login credentials are not transmitted in clear text. Forms authentication is typically used in a scenario where the users accessing the Cireson Portal web site are logged into non-Windows computers, using a browser other than IE or Chrome, are on Windows computers which are not domain joined to a domain that the Cireson Portal web server is joined, or when users are accessing the Cireson Portal web site over the Internet.