How does integrated windows authentication really work?
Question
I have a question that comes forth of a problem I had where the browser of a client shows the wrong username.
All of the docs say that 'current credentials' are used. I have now proof that this is not the case! But what do they mean with 'current credentials'?
Current credentials appears to be the user that started the process requesting the IIS resource. But as you can read in my problem the browser seems to able to pass on another username then the one running this process if it 'wants'.
Also, when the browser cannot identify the user it will request credentials that you can ask to remember.
- When will the browser request credentials
- Where are these credentials stored?
1 answers
solution1
1 ACCPTED 2014-07-10 08:51:15
Current user credentials:
Logging onto your Windows workstation means your log in through Kerberos onto the your Active Directory domain. A Kerberos TGT is held in memory by LSA. All subsequent calls will generate service tickets to services with the help of that TGT and your domain controller (KDC). All calls to that system are routed through SSPI on Windows.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.