It is important to understand the following distinction between authentication and authorization to understand why connection attempts are either accepted or denied:
You can enable authorization plug-ins to control the access to content by authenticated users. If you enable an authorization plug-in, it is required that you also enable an authentication plug-in for users to be able to access your publishing points. However, the WMS IP Address Authorization plug-in does not require an authentication plug-in to authenticate a player.
You can enable authorization plug-ins at both the server and the publishing point levels. If you enable an authorization plug-in for a server and another for a publishing point on the server, both authorization plug-ins are used to authorize a user, but the plug-in for the server is used first. If you enable multiple authorization plug-ins for a server or for a publishing point, all the plug-ins are used in the order they appear on the Properties tab for the server or publishing point. If a user is denied access by any of the plug-ins, the authorization process terminates, and the server checks whether another authentication plug-in is enabled to authenticate the user.
This section contains the following topics: