Applies to: VisualSVN Server 5.0 and later
Authentication is the process of confirming a user’s identity by the server. This process usually involves checking a username and a password but can include any other method of proving identity, such as smart cards.
VisualSVN Server authentication options include Subversion and Windows authentication modes, with each intended for a specific environment. This article provides instructions on how to change the authentication mode and a brief overview to help you choose the mode that best suits your needs and requirements.
The following articles describe VisualSVN Server settings related to each of the authentication modes:
- KB180: Understanding Windows authentication mode settings
- KB181: Understanding Subversion authentication mode settings
Authentication modes overview
VisualSVN Server supports two authentication modes:
-
Subversion authentication mode
This mode can be used in both domain and non-domain environments. With this mode users are prompted to enter their username and password to authenticate. Authentication process relies on the internal user list maintained by VisualSVN Server and does not depend on any external authentication service.
-
Windows authentication mode
This mode is intended for use in Active Directory domain environments. It enables users to authenticate to VisualSVN Server using their Windows credentials with single sign-on and two-factor authentication options. Within this mode, there are two authentication methods to choose from: Basic authentication or Integrated Windows Authentication. Both of these methods can also be used simultaneously. In this case, Basic authentication will only be used for those clients that do not support Integrated Windows Authentication.
Authentication modes comparison
The following table compares the Subversion authentication mode to the Windows authentication mode.
Subversion authentication | Windows authentication | ||
---|---|---|---|
Basic authentication method | Basic authentication method | Integrated Windows Authentication method | |
Password caching | Usernames and passwords are cached on disk by Subversion clients, which may introduce security risks. | Usernames and passwords are cached on disk by Subversion clients, which may introduce security risks. | Usernames and passwords are not cached on disk by Subversion clients. |
Password transmission | Passwords are transmitted in plain text unless the secure HTTPS protocol is used. | Passwords are transmitted in plain text unless the secure HTTPS protocol is used. | This method uses an authentication protocol that does not require sending the password over the network. |
Single sign-on | Not available Users are prompted to enter their username and password to authenticate. | Not available Users are prompted to enter their username and password to authenticate. | Available Users are automatically authenticated to VisualSVN Server with their current Windows credentials. |
Two-factor authentication | Not available | Not available | Available Users are automatically authenticated to VisualSVN Server with their current Windows credentials, whereas the Windows logon itself can be performed with two-factor authentication. |
For further details, please consider the KB39: Understanding VisualSVN Server Authentication options article.
Changing the authentication mode
Configuring authentication in VisualSVN Server first occurs during the installation, when you are prompted to choose either the Subversion or Windows authentication mode. If the computer belongs to a domain, the installation wizard will suggest using the Windows authentication mode.
The authentication mode can be changed at any time later using the VisualSVN Server Manager console. When the authentication mode is changed, the server switches to a different set of access permissions for all repositories. All access permissions that have been configured for the previously selected mode will be preserved, but will no longer apply. End users may be unable to access repositories until you reconfigure the permissions for the new authentication mode.
To change the authentication mode, follow the instructions below:
- Start VisualSVN Server Manager.
- Click Action | Properties.
- Switch to the Authentication tab.
- Click Change.
- Select the mode you want to use and click OK.
Upon the change, VisualSVN HTTP Service will restart and another set of access permissions will be applied.