Table 1: Comparison of IIS 7.0 Authentication Methods

| | Basic Authentication | Digest Authentication | NTLM | Kerberos | Client Certificate–based (SSL/TLS) | Forms Authentication |
|---|---|---|---|---|---|---|
| Protocol based on open standard? | Yes | Yes | No | Yes | Yes | No |
| Relies on Windows accounts? | Yes | Yes | Yes | Yes | No | No |
| Requires AD accounts? | No | Yes | Yes | Yes | No | No |
| Supports non-IE browsers? | Yes | Yes | No | No | Yes | Yes |
| Requires SSL? | Yes | No | No | No | Yes | Yes |
| IE version requirements | All IE versions | IE 5.0 or later | IE 2.0 or later | IE 5.0 or later | All IE versions | All IE versions |
| Supports authentication through firewalls and proxies? | Yes | Yes | Only on selected proxies; also works with tunnel connection | Only if Kerberos traffic is allowed; also works with tunnel connection | Yes | Yes |
| Overall security quality? | Weak: Base64 encoded, requires SSL | Strong: Based on a challenge-response mechanism; advanced digest authentication (default for IIS 7.0) is the recommended version | Strong: Based on a challenge-response mechanism; NTLM v2 is the recommended version | Strong: Based on an open standard | Strong: Based on an asymmetric cryptographic mechanism | Strong: If combined with SSL |