Microsoft Authentication

Source: Internet  Published: 粉底液 mac水漾  Editor: 程序博客网  Time: 2024/05/18 23:57
Microsoft authentication technologies include:
Credential Management,
LSA Authentication,
Network Provider,
Smart Card Authentication,
Security Support Provider Interface(SSPI),
Winlogon and GINA

Credentials Management.
Kinds of Credentials: Domain Credentials, Generic Credentials
User Name Formats: User Principal Name(UPN)(UserName@Example.Microsoft.com), Down-Level Logon Name(DOMAIN\UserName).
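The two name formats above look alike in logs but split differently, and a normaliser that guesses wrong invents a domain that never authenticated. The following is an added example, not code from the original page or from Microsoft; the function name Split-LogonName, its output fields and the constructed sample names are this example's own choices. It classifies a name as UPN or down-level, splits it, and flags anything else instead of guessing.

```powershell
# Added example (not from the original page): classify and split Windows
# logon names into the two formats the text names, UPN and down-level.
# Split-LogonName and its output shape are this example's own, not a Windows API.
function Split-LogonName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Name
    )
    process {
        $n = $Name.Trim()
        # Down-level form: exactly one backslash with a non-empty part on each side.
        if ($n -match '^(?<domain>[^\\@]+)\\(?<user>[^\\@]+)$') {
            # A domain of "." means the local machine; report its name instead.
            $domain = if ($Matches.domain -eq '.') { $env:COMPUTERNAME }
                      else { $Matches.domain.ToUpperInvariant() }
            return [pscustomobject]@{
                Input = $Name; Format = 'DownLevel'; Domain = $domain
                User  = $Matches.user; Valid = $true
            }
        }
        # UPN form: exactly one '@'; the suffix is a DNS name, stored lower-case.
        if ($n -match '^(?<user>[^\\@]+)@(?<suffix>[^\\@]+)$') {
            return [pscustomobject]@{
                Input = $Name; Format = 'UPN'; Domain = $Matches.suffix.ToLowerInvariant()
                User  = $Matches.user; Valid = $true
            }
        }
        # Anything else (bare user name, two '@', trailing backslash) is flagged
        # rather than guessed at, so log normalisation never invents a domain.
        [pscustomobject]@{
            Input = $Name; Format = 'Unknown'; Domain = $null; User = $null; Valid = $false
        }
    }
}

# Constructed sample input, including three malformed names.
@('UserName@Example.Microsoft.com', 'EXAMPLE\UserName', '.\Administrator',
  'UserName', 'a@b@c', 'EXAMPLE\') | Split-LogonName | Format-Table -AutoSize
```

Note that the Domain field of a UPN is the UPN suffix, which is not necessarily the NetBIOS domain name of the same account; correlating the two forms needs a directory lookup, which this example deliberately does not attempt.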




LSA Authentication.
LSA Authentication describes the parts of the Local Security Authority(LSA) that applications can use to authenticate and log users on to the local system.
The LSA Authentication functions let you write an authentication package, a subauthentication package, or a combined security support provider/authentication package(SSP/AP).


A logon session is a computing session that begins when a user authentication is successful and ends when the user logs off of the system.
When a user is successfully authenticated, the authentication package creates a logon session and returns information to the LSA that is used to create a token for the new user. This token includes, among other things, a locally unique identifier(LUID) for the logon session, called the logon ID.
When a token is created, the reference count for the logon session is incremented. The reference count is also incremented whenever copies of the token are created for process creation, impersonation, or other uses. As token uses are completed and copies of the token are deleted, the reference count for the logon session is decremented. When the reference count reaches zero, the logon session is deleted.
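The logon ID is also what the Security event log records for each session, so the lifetime the paragraph describes can be observed from the outside: event 4624 marks the session start and 4634 its end, both carrying the same TargetLogonId. The following is an added example, not code from the original page or from Microsoft; the function name Get-LogonSessionLifetime, the nested Get-Field helper and the output fields are this example's own, while the event IDs and field names are the standard Security log ones. Reading the Security log requires administrative rights.

```powershell
# Added example (not from the original page): pair 4624 (logon) and 4634
# (logoff) Security events by TargetLogonId, the LUID the text calls the
# logon ID, to reconstruct each logon session's lifetime. Run elevated.
function Get-LogonSessionLifetime {
    param([datetime]$Since = (Get-Date).AddHours(-24))

    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4624, 4634; StartTime = $Since
    } -ErrorAction Stop

    # Helper (this example's own): read one named EventData field from the event XML.
    function Get-Field([xml]$x, [string]$name) {
        ($x.Event.EventData.Data | Where-Object { $_.Name -eq $name }).'#text'
    }

    $sessions = @{}
    foreach ($e in $events | Sort-Object TimeCreated) {
        $x  = [xml]$e.ToXml()
        $id = Get-Field $x 'TargetLogonId'
        if ($e.Id -eq 4624) {
            $sessions[$id] = [pscustomobject]@{
                LogonId    = $id
                User       = '{0}\{1}' -f (Get-Field $x 'TargetDomainName'), (Get-Field $x 'TargetUserName')
                LogonType  = Get-Field $x 'LogonType'
                LogonTime  = $e.TimeCreated
                LogoffTime = $null
                Duration   = $null
            }
        } elseif ($sessions.ContainsKey($id)) {
            $s = $sessions[$id]
            $s.LogoffTime = $e.TimeCreated
            $s.Duration   = $e.TimeCreated - $s.LogonTime
        }
        # A 4634 with no matching 4624 in the window is dropped: that session
        # began before $Since, so its lifetime cannot be measured here.
    }
    $sessions.Values | Sort-Object LogonTime
}

# Sessions still open (no 4634 yet) show LogoffTime = $null.
Get-LogonSessionLifetime -Since (Get-Date).AddHours(-8) |
    Format-Table LogonId, User, LogonType, LogonTime, LogoffTime, Duration -AutoSize
```

The logoff event is written when the session's reference count reaches zero, which is why a session can outlive the interactive logoff (event 4647) by some time while processes holding token copies finish; a long tail between 4647 and 4634 for the same logon ID is therefore expected, not an error.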


LSA User Logon Authentication.



Authentication Packages.
Authentication packages are contained in dynamic-link libraries. The LSA loads authentication packages by using configuration information stored in the registry.
MSV1_0, for example, is an authentication package installed with the Microsoft Windows operating system. The MSV1_0 package accepts a user name and a hashed password. It looks up the user name and hashed password combination in the Security Accounts Manager(SAM) database.


MSV1_0 also supports domain logons. MSV1_0 processes domain logons using pass-through authentication. If the domain controller is not available, and the LSA contains cached credentials for the user, the local instance of MSV1_0 can authenticate the user using the cached logon data.


The authentication packages provided with Windows support customization using subauthentication packages. A subauthentication package is a DLL that supplements or replaces part of the authentication and validation criteria used by the main authentication package.

Network Provider API.
A network provider is a DLL that supports a specific network protocol. It also implements the Network Provider API. This enables it to interact with the Windows operating system to receive standard network requests, such as connection or disconnection requests.
The Multiple Provider Router(MPR) handles communication with all of the various network providers on the system and presents an integrated network to the user.


A credential manager is similar to a network provider in that it provides entry points that are called by the MPR. In fact, some network providers are also credential managers.
Whether you implement the credential management functions in the same DLL as the network provider functions depends on the requirements of your application. Credential managers receive notifications when authentication information changes. For example, credential managers are notified when a user logs on or an account password changes.
When the MPR starts, it checks the registry to determine which network providers are installed on the system and the order they should be cycled through. It loads all registered network provider DLLs and uses them to process subsequent WNet calls made by the user interface or other applications.


The MPR calls the connection notification functions when it connects or disconnects a network resource. To receive such notifications, you can implement these functions in a DLL.
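Both the LSA (authentication packages, security packages, MSV1_0 subauthentication packages) and the MPR (network providers, in ProviderOrder) load DLLs named in the registry, so the registered list is what a defender baselines. The following is an added example, not code from the original page or from Microsoft, serving both the authentication-package and the network-provider passages above; the function name Get-RegisteredAuthModule, the nested Describe helper and the output fields are this example's own, while the registry keys and value names are the documented locations. It is read-only and enumerates each registered module, resolves it to a file and reports its Authenticode signature status.

```powershell
# Added example (not from the original page): list the DLLs the LSA and the
# MPR load from the registry, resolve each to a file and check its signature,
# so an unexpected, missing or unsigned module stands out against a baseline.
# Get-RegisteredAuthModule and Describe are this example's own names.
function Get-RegisteredAuthModule {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $npo = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'
    $sys = Join-Path $env:SystemRoot 'System32'

    # Helper: resolve a bare module name or a path to a file and summarise it.
    function Describe([string]$kind, [string]$source, [string]$module) {
        $path = [Environment]::ExpandEnvironmentVariables($module)
        if (-not [IO.Path]::IsPathRooted($path)) {
            # LSA package names are bare module names loaded from System32.
            if ($path -notmatch '\.dll$') { $path += '.dll' }
            $path = Join-Path $sys $path
        }
        $exists = Test-Path -LiteralPath $path
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Missing' }
        [pscustomobject]@{ Kind = $kind; Source = $source; Module = $module; Path = $path; Signature = $sig }
    }

    # LSA: "Authentication Packages" (e.g. msv1_0) and "Security Packages" (SSPs).
    $lsaProps = Get-ItemProperty -Path $lsa
    foreach ($m in @($lsaProps.'Authentication Packages')) { if ($m) { Describe 'LSA auth package' $lsa $m } }
    foreach ($m in @($lsaProps.'Security Packages'))       { if ($m) { Describe 'LSA security package' $lsa $m } }

    # MSV1_0 subauthentication packages are registered as Auth<ID> values.
    $sub = Get-ItemProperty -Path "$lsa\MSV1_0" -ErrorAction SilentlyContinue
    if ($sub) {
        foreach ($p in $sub.PSObject.Properties | Where-Object { $_.Name -match '^Auth\d+$' }) {
            Describe "MSV1_0 subauth $($p.Name)" "$lsa\MSV1_0" $p.Value
        }
    }

    # Network providers: ProviderOrder lists them in the order the MPR cycles through.
    $order = (Get-ItemProperty -Path $npo).ProviderOrder -split ','
    foreach ($name in $order) {
        $name = $name.Trim()
        $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\NetworkProvider"
        $np   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($np -and $np.ProviderPath) { Describe 'Network provider' $key $np.ProviderPath }
        else { [pscustomobject]@{ Kind = 'Network provider'; Source = $key; Module = $name; Path = $null; Signature = 'NoProviderPath' } }
    }
}

Get-RegisteredAuthModule | Format-Table Kind, Module, Signature, Path -AutoSize
```

Compare the Module column against a known-good baseline for the build in use: a module that is not on the baseline, does not resolve under System32, or reports a signature status other than Valid is what to investigate, since these DLLs receive credentials in the clear at logon and at password change.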




SSPI.

Winlogon and Credential Providers.
Winlogon is the Windows module that performs interactive logon for a logon session. Winlogon behavior can be customized by implementing and registering a Credential Provider.
Windows Server 2003 and Windows XP: Credential Providers are not supported. For information about customizing Winlogon, see Winlogon and GINA.