Authentication and Authorization
Updated: December 20, 2012
Applies To: System Center 2012 - Orchestrator, System Center 2012 R2 Orchestrator, System Center 2012 SP1 - Orchestrator
When you access the web service for System Center 2012 - Orchestrator, you must provide credentials that define your access the Orchestrator environment.
Authentication is the verification of credentials used by the connection attempt to the web service. Any request must either specify a username and password, or it must specify that it is using the credentials of the current user.
With a request based on HttpWebRequest .NET class, you can set the Credentials property with a NetworkCredential class using an appropriate name and password. To use the credentials of the current user instead of specifying specific credentials, set the UseDefaultCredentials property of the request to True. In Windows PowerShell, you can use the Get-Credential cmdlet to prompt the user for a name and password.
Authorization occurs after successful authentication and determines that the credentials of the connection have permission in Orchestrator to perform the requested activities. You authorize users to access the Orchestrator installation and perform required functions on runbooks and folders through the Runbook Designer. For more information on changing the permissions of a runbook, see Runbook Permissions.
Securing the web service with SSL
By default, the Orchestrator web service will accept insecure connections over HTTP. You can increase the security of your installation and reduce the risk of information disclosure and tampering by requiring SSL for any connection. Since the Orchestration console runs on the Orchestrator web service, this would require any connections to that console to also require SSL.
For information on securing the Orchestrator web service with SSL, see How to Configure the Orchestrator web server to use HTTPS.