Authentication is the process of confirming that you are who you claim to be, and is handled differently depending on the type of connection you are using.
If you are using a COM/DCOM connection, only users who are members of a particular users group can access the Admin Server. This group can exist at either the local machine or domain level, and it allows the operating system to provide authentication for a COM/DCOM connection at login.
If you are using a SOAP connection, IIS provides the authentication. As with the COM/DCOM connection, you are still required to create a particular users group. IIS provides a number of authentication methods, however, we recommend using the Basic authentication method along with a restricted user account. This provides a moderate level of security.
If you wish a higher level of security, you can use the Basic authentication method in conjunction with SSL Server Certificates, however, using this solution results in some performance loss. With this solution, you are authenticated by IIS, and then checked against the required users group before access to the Admin Server is granted.
See also