SECURING


Validation and authentication for Internet and intranet clients
After you set up name-and-password access and create Person documents for Internet/intranet users, Domino® authenticates users either when they attempt to do something for which access is restricted, or Anonymous access is not allowed on the server.

For example, when a user tries to open a database that has an ACL with No Access as the -Default-, Domino challenges the user for a valid user name and password. Authentication succeeds only if the user provides a name and password that matches the name and password stored in the user's Person document (or in an LDAP directory - some users are authenticated against an LDAP directory rather than a Person record) and if the database ACL gives access to that user. Anonymous users are not authenticated.

You can use name-and-password and anonymous access with TCP/IP and SSL.

This section also applies to Web clients who are accessing a Domino Web server for which session authentication has been enabled.

Note: The Domino Web Server Application Programming Interface (DSAPI) is a C API that you use to write extensions to the Domino Web server. Using these extensions, or filters, you can customize the authentication of Web users. For more information on DSAPI, see the Lotus® C API Toolkit for Domino and Notes®.

How validation and authentication works

This example describes how a client (Andrew) uses TCP/IP to connect to a server (Mail-E).

1. Andrew tries to access a database on Mail-E.

2. The server checks the Internet Site document (or Server document) to determine if anonymous access is enabled for TCP/IP. If it is, then:


3. If anonymous access is disabled for the protocol or if the database ACL does not allow anonymous access, then the server checks the Internet Site (or Server document) to determine if name-and-password access is enabled for TCP/IP. If name-and-password access is enabled, then:
Related concepts
Name-and-password authentication for Internet/intranet clients
Session-based name-and-password authentication for Web clients

Related information
Lotus C API Toolkit