Application vs. Operating System Identity Flow


Application-level identity flow means the application itself carries the caller's identity from tier to tier (that is, from server to server) as arguments to functions or method calls, or as part of an SQL query string. With operating system-level identity flow, the identity is carried automatically as part of every communication from the Web server to the COM+ object and finally to SQL Server. Of course, the operating system must support flowing identity. Microsoft Windows NT 4 supports identity flow only in a limited fashion: once a server has authenticated a connection, that server cannot use the caller's identity to make an authenticated call to another server. As far as the remote server is concerned, the connection is anonymous and can be denied access. Windows 2000 supports the capability fully through Kerberos authentication delegation.

NOTE
The anonymous account in Windows NT and Windows 2000 is not the same as the IIS anonymous account. Windows NT and Windows 2000 use a specific account called NT AUTHORITY\ANONYMOUS LOGON with a well-known SID: S-1-5-7. The IIS anonymous account is a real Windows account—IUSR_machinename, by default—used by the Web server to mimic anonymous Web access. The Windows anonymous account is used when an identity cannot be authenticated.
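To make the application-level variant concrete, here is an added Python model of the three tiers (example code, not from the book): the Web tier authenticates the caller, the resulting identity is carried to the middle tier as a plain function argument, and the data tier binds it into the query as a parameter. sqlite3 stands in for SQL Server, the password table and order rows are constructed sample data, and an unauthenticated caller is represented by the NT AUTHORITY\ANONYMOUS LOGON name from the note above.

```python
import sqlite3

# Constructed sample data: order rows, each owned by a named user.
_ORDERS = [("alice", 101, 49.99), ("alice", 102, 15.00), ("bob", 201, 250.00)]

ANONYMOUS = "NT AUTHORITY\\ANONYMOUS LOGON"  # the Windows anonymous identity


def make_db():
    """Data tier stand-in for SQL Server. With application-level flow the
    database sees one middle-tier connection for every user, so per-user
    authorization has to be expressed inside the query itself."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders(owner TEXT, id INTEGER, total REAL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)", _ORDERS)
    return db


def web_tier_authenticate(credentials):
    """Web tier: the only place the caller proves who they are.
    Returns the identity string the later tiers will carry (constructed check)."""
    users = {"alice": "pw-a", "bob": "pw-b"}  # constructed password table
    name, secret = credentials
    return name if users.get(name) == secret else ANONYMOUS


def middle_tier_list_orders(db, identity):
    """Middle tier (COM+ stand-in). The identity arrives as an argument, so the
    data tier cannot verify it; this tier must enforce the access decision and
    must bind the identity as a query parameter, never concatenate it."""
    if identity == ANONYMOUS:
        raise PermissionError("anonymous callers are denied")
    return db.execute(
        "SELECT id, total FROM orders WHERE owner = ?", (identity,)
    ).fetchall()


def request(db, credentials):
    """One end-to-end request: authenticate, then flow the identity by argument."""
    identity = web_tier_authenticate(credentials)
    return middle_tier_list_orders(db, identity)


if __name__ == "__main__":
    db = make_db()
    print(request(db, ("alice", "pw-a")))  # alice sees only her own rows
```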



Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM
Year: 1999
Pages: 138
