 |
Show Changes |
|
Edit |
|
|
|
Recent Changes |
|
Subscriptions |
|
Lost and Found |
|
Find References |
|
Rename |
| Search |
History
| 5/4/2005 12:04:29 PM |
|
List all versions |
|
Show Changes |
|
Edit |
|
|
|
Recent Changes |
|
Subscriptions |
|
Lost and Found |
|
Find References |
|
Rename |
| Search |
History
| 5/4/2005 12:04:29 PM |
|
List all versions |
SSPI stands for the Security Support Provider Interface, which helps a client and server establish and maintain a secure channel, providing confidentiality, integrity, and authentication (WhatIsCIA). It abstracts most of the details of performing an authentication handshake and provides methods for integrity-protecting and encrypting data being sent on the wire as well as for decrypting and validating that data on the other side. Providers, such as Kerberos, NTLM, and Negotiate sit underneath this abstract interface. Figure 65.1 shows the basic architecture.
Figure 65.1 The Security Support Provider Interface
Whereas SSPI is used internally by many secure operating system features such as the file system, RPC, and COM, you may need to use it yourself to "Kerberize" an application that doesn't make use of these higher-level transports. I provide some guidelines on doing this with raw socket-based apps in HowToAddCIAToASocketBasedApp, and with .NET Remoting in HowToAddCIAToDotNetRemoting.
Keith's first book-in-a-wiki. If you would like to read the book online or order a physical copy to throw at annoying coworkers, surf to the HomePage. Please note that due to overwhelming wikispam, this particular wiki is no longer editable.
About FlexWiki.
Recent Topics