Sunday, April 20, 2008

MS Project Server 2007 Best Practice :: Forms vs Windows Authentication

I guess so many people are happy with the windows authentication features that comes with MS Project Server and found it very easy to setup and to use. But did they know that there is another way of authenticating users, i am sure that they knew but they never think when and how to use it


First let me focus on facts about each and when each one is recommended to be used?

Windows Authentication

  • It is authenticate users against the AD that the Project Server is joint to. So, it can use only one AD. So if all of your users are belongs to one domain then this will be your right choice.
  • Roles and groups (or any AD classification) are not used in EPM, remember that the title is all about Authentication, not authorization. Authorization is run through the security model embedded with the Project server itself.
  • Project Server users list and the AD users list is not an linked. You need to schedule synch job from within Project Server itself from time to time, this means if user has became inactive then this will not be reflected into the Project Server. (needless to say that if the user became inactive or blocked in AD then he/she will not get authenticated to AD but he can be still used as a resource in Project Server)

Forms Authentication

  • Conceptually, it is very similar to the AD authentication, except that Membership Provider will be used instead of AD
  • More flexible to contain users regardless of the AD they belongs and even if they don't belong to any AD
  • Difficult (or not straight forward to setup) to setup and maintain the users credentials.
  • No synch tool is available out of the box except for the "PjFormsAuthUpgrade" tool that comes with Project server


I will be posting more articles about Forms authentication, be tuned

Best Regards

Bilal Okour

1 comment:

DBA said...

Thank you for your article