cindy
2010-02-05 18:29:01 UTC
Is this article true it says no security trimming for Search Express
http://technet.microsoft.com/en-us/library/dd695725.aspx
Plan authentication methods (Search Server 2008)
Updated: 2009-04-16
The information in this section does not apply to Microsoft Search Server
2008 Express. It applies to the full version of Microsoft Search Server 2008
only.
This article describes the authentication methods that are supported by
Search Server 2008. After reading this article, you will be able to:
Understand how authentication is implemented in Search Server 2008.
Identify the authentication methods that are appropriate for your
environment.
About authentication
Authentication is the process of validating a user's identity. In Search
Server 2008, Internet Information Services (IIS) performs the authentication
of users. After a user's identity is validated, Search Server 2008 performs
the authorization process to determine which sites, content, and other
features the user can access. Part of this process begins when the content
items are crawled. As the crawler opens each content item to extract the
content, it also retrieves content item metadata including the access control
list (ACL) for each content item. After the content from each content item is
parsed and processed, it is then added to the full-text index, also called
the content index. The metadata and ACL information is added to a separate
index called the search database.
When a user submits a query, the Web server obtains both the search results
from the content index and each content item’s metadata, including ACLs, from
the search database. The Web server compares the credentials of the user who
submitted the query to the ACLs of the content items included in the search
results. Any content items that the user does not have permission to access
are not included in the search results. This process is known as security
trimming.
http://technet.microsoft.com/en-us/library/dd695725.aspx
Plan authentication methods (Search Server 2008)
Updated: 2009-04-16
The information in this section does not apply to Microsoft Search Server
2008 Express. It applies to the full version of Microsoft Search Server 2008
only.
This article describes the authentication methods that are supported by
Search Server 2008. After reading this article, you will be able to:
Understand how authentication is implemented in Search Server 2008.
Identify the authentication methods that are appropriate for your
environment.
About authentication
Authentication is the process of validating a user's identity. In Search
Server 2008, Internet Information Services (IIS) performs the authentication
of users. After a user's identity is validated, Search Server 2008 performs
the authorization process to determine which sites, content, and other
features the user can access. Part of this process begins when the content
items are crawled. As the crawler opens each content item to extract the
content, it also retrieves content item metadata including the access control
list (ACL) for each content item. After the content from each content item is
parsed and processed, it is then added to the full-text index, also called
the content index. The metadata and ACL information is added to a separate
index called the search database.
When a user submits a query, the Web server obtains both the search results
from the content index and each content item’s metadata, including ACLs, from
the search database. The Web server compares the credentials of the user who
submitted the query to the ACLs of the content items included in the search
results. Any content items that the user does not have permission to access
are not included in the search results. This process is known as security
trimming.
--
cindy
cindy