Windows Authentication in IIS 7.0 supports two protocols one is NTLM (NT LAN Manager) and other is Kerberos. NTLM (NT LAN Manager) is a Microsoft protocol suite that can be used both for HTTP-based authentication and non-HTTP-based authentication.
Kerberos v5 authentication is an open, industry-standard, ticket-based authentication method. Kerberos v5 is developed at MIT and it supports mutual authentication of the client and server to each other. Kerberos authentication relies on a trusted third party. In Microsoft implementation of Kerberos, the trusted third party is a domain controller
(DC). Therefore, Kerberos authentication can only be used for Active Directory domain accounts.
Windows authentication is best suited for an intranet environment for the following reasons:
• Client computers and Web servers are in the same domain.
• HTTP proxy connections are not required (NTLM doesn’t support HTTP Proxy).
• Kerberos v5 requires a connection to Active Directory.
To configure Windows Authentication, open the Internet Information Services (IIS) 7 Manager and open the site you want to configure Windows authentication. In Features View, double-click Authentication.
2) On the Authentication page, select Windows Authentication. In the Actions pane, click Enable to enable Windows authentication.