MS Project Server 2007 Best Practice :: Forms vs Windows Authentication


I guess so many people are happy with the windows authentication features that comes with MS Project Server and found it very easy to setup and to use. But did they know that there is another way of authenticating users, i am sure that they knew but they never think when and how to use it

First let me focus on facts about each and when each one is recommended to be used?

Windows Authentication

  • It authenticates users against the AD that the Project Server is joint to. So, it can use only one AD. So if all of your users belong to one domain then this will be your right choice.
  • Roles and groups (or any AD classification) are not used in EPM, remember that the post title is all about Authentication, not authorization. Authorization is run through the security model embedded with the Project server itself.
  • Project Server users list and the AD users list are not linked or in synch. You need to schedule synch job from within Project Server itself, this means if a user became inactive then this will not be reflected in the Project Server. (needless to say that if the user became inactive or blocked in AD then he/she will not get authenticated to AD but he can be still used as a resource in Project Server)

Forms Authentication

  • Conceptually, it is very similar to the AD authentication, except that Membership Provider will be used instead of AD
  • More flexible to contain users regardless of the AD they belongs to and even if they don’t belong to.
  • Difficult (or not straight forward to setup) to setup and maintain the users credentials.
  • No synch tool is available out of the box except for the "PjFormsAuthUpgrade" tool that comes with Project server

 

I will be posting more articles about Forms authentication, be tuned

Best Regards

Bilal Okour

This entry was posted in MS Project 2007 Server Best Practice. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s