Windows Authentication in IIS 7.0 supports two protocols one is NTLM (NT LAN Manager) and other is Kerberos.  NTLM (NT LAN Manager) is a Microsoft protocol suite that can be used both for HTTP-based authentication and non-HTTP-based authentication.

Kerberos v5 authentication is an open, industry-standard, ticket-based authentication method. Kerberos v5 is developed at MIT and it supports mutual authentication of the client and server to each other. Kerberos authentication relies on a trusted third party. In Microsoft implementation of Kerberos, the trusted third party is a domain controller (DC). Therefore, Kerberos authentication can only be used for Active Directory domain accounts.

Windows authentication is best suited for an intranet environment for the following reasons:

• Client computers and Web servers are in the same domain.

• HTTP proxy connections are not required (NTLM doesn’t support  HTTP Proxy).

• Kerberos v5 requires a connection to Active Directory.

 

To configure Windows Authentication, open the Internet Information Services (IIS) 7 Manager and open the site you want to configure Windows authentication. In Features View, double-click Authentication.

 

2) On the Authentication page, select Windows Authentication. In the Actions pane, click Enable to enable Windows authentication.