extendedProtection Element for windowsAuthentication [IIS Settings Schema]
Note
For more information about the extendedProtection element, see the following topic on the Microsoft IIS.net Web site: Windows Extended Protection <extendedProtection>.
Specifies the settings that configure the extended protection for Windows authentication in IIS 7.5. Extended protection enhances the existing Windows authentication functionality in order to mitigate authentication relay or "man in the middle" attacks.
Syntax
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute |
Description |
||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
flags |
Optional flags attribute. Specifies the additional behavior settings for extended protection. The flags attribute can be a combination of the following values; the default value is None.
|
||||||||||||
tokenChecking |
Optional enum attribute. Specifies the behavior for checking channel-binding information. The tokenChecking attribute can be one of the following values; the default value is None.
|
Child Elements
Element |
Description |
---|---|
spn |
Adds a SPN to the collection. |
clearSpns |
Clears the collection of SPNs. |
removeSpn |
Removes a SPN from the collection. |
Parent Elements
Element |
Description |
---|---|
configuration |
Specifies the root element in every configuration file that is used by IIS 7. |
system.webServer |
Specifies the top-level section group (in ApplicationHost.config) in which this element is defined. |
security |
Specifies the section group that contains security-related sections. |
authentication |
Specifies the section group that contains authentication sections. |
windowsAuthentication |
Specifies the settings for Windows authentication. |
Remarks
For more information about the extendedProtection element, see the following topic on the Microsoft IIS.net Web site: Windows Extended Protection <extendedProtection>.
Element Information
Configuration locations |
ApplicationHost.config |
Requirements |
IIS 7 |
See Also
Reference
spn for extendedProtection Element for windowsAuthentication [IIS Settings Schema]