The overall architecture of a Forms Server 2007 and InfoPath 2007 implementation can quickly take on a three-tier or n-tier structure, which can complicate security and authentication. When the user (layer 1) requests a form from his Web browser, he accesses Internet Information Services (IIS) (layer 2), which passes the request to the Forms Server (layer 3). The Forms Server then loads and converts the InfoPath 2007 form, which might attempt to access a Web service (layer 4) to supply some of the detail it will return to the user. All these layers or tiers require authentication credentials to be passed along to the next layer, or tier.

For security reasons, Web services often ...