Only users who have accounts in your Active Directory domain or in the Active Directory domain of a federated partner can log on to a Communicator Web Access Web site. Anonymous users (that is, users who do not have an account in your domain or the domain of a federated partner) can participate in desktop sharing and conferencing sessions, but only if they are invited to do so by an authenticated user. Before a user can access a Communicator Web Access site, he or she must be authenticated (that is, Communicator Web Access must verify that the user has a valid user account).

Communicator Web Access supports several different authentication mechanisms, including the following:

Although you must specify an authentication method when you create a virtual server, you can change the authentication settings by using the Communicator Web Access snap-in. Keep in mind that the authentication mechanisms available to you will vary depending on whether you are dealing with an internal virtual server or an external virtual server. The following table lists the options available to you.

| Server type | Authentication method | Notes |
| --- | --- | --- |
| Internal | Built-in | If you choose Built-in, you can then select Windows Authentication or Forms Authentication. Communicator Web Access will make sure that at least one authentication method has been selected. If you clear Windows Authentication, Forms Authentication will automatically be chosen for you, and vice versa. |
| Internal | Custom | With Custom authentication, you can enter a URL in the Sign-Out URL (Optional) box (this is optional). This represents the URL of the Web page that users will see after they sign out of Communicator Web Access. This option is not available if you use Built-in authentication. |
| External | Built-in | If you choose Built-in Authentication, Forms Authentication will automatically be selected for you. That’s because Windows Authentication cannot be used with an external site. With Built-in Authentication, you can also specify time-out values for both public computers (by default, 15 minutes) and private computers (by default, 720 minutes). The time-out period represents the maximum period of inactivity allowed on a computer before the user’s Communicator Web Access session is terminated. |
| External | Custom | With Custom authentication, you can enter a URL in the Sign-Out URL (Optional) box (this is optional). This represents the URL of the Web page that users will see after they sign out of Communicator Web Access. This option is not available if you use Built-in authentication. |

To modify authentication settings

  1. Log on to the computer that is running the Communicator Web Access snap-in. To modify authentication settings, you must log on as a member of the local Administrators group and the RTCUniversalServerAdmins group.

  2. Click Start, point to Administrative Tools, and then click Microsoft Office Communications Server 2007 R2, Communicator Web Access.

  3. In the console pane, expand the name of the computer that hosts the virtual server whose authentication settings you want to change, right-click the name of the virtual server, and then click Properties.

  4. In the Properties dialog box, click the Authentication tab.

  5. Change the settings as needed and then click OK. The authentication types available to you will vary depending on whether you are configuring an internal virtual server or an external virtual server.