(Authentication / Authorization)

1 (Authentication / Authorization)
Presentation made by: Sergio Azañón Cantero

2 What is Security and Identity in Windows?
Windows provides APIs and services for developing more secure desktop apps. These APIs are:
- Authentication
- Authorization
- Cryptography
- Directory, identity, and access services
- Parental controls
- Rights management

3 Table of contents
- What is Authentication?
- About Authentication
- Using Authentication:
  - Creating Custom Security Packages
  - Using Network Provider API
  - Customizing Winlogon
  - Using SSPI
  - Protecting the Automatic Logon Password
- What is Authorization?
- About Authorization
- References

4 What is Authentication?
Authentication is the process by which the system validates a user's logon information. A user's name and password are compared to an authorized list, and if the system detects a match, access is granted to the extent specified in the permission list for that user. For developers, although not required, an understanding of authentication or security-related subjects is advised.

5 About Authentication
- Credentials Management  How to obtain and manage credential information such as user names and passwords.
- LSA Authentication  How to authenticate and log users on to the local system, and how to create and call authentication packages and security packages.
- Network Provider API  How to interact with other types of networks.
- Smart Card Authentication  Describes the smart card authentication architecture.
- SSPI  How an application can use the various security models available on a computer or network without changing the interface to the security system.
- Winlogon and Credential Providers  How to customize Winlogon behavior by implementing and registering a Credential Provider.

6 Creating Custom Security Packages
- SSP Security Packages  If a custom security support provider (SSP) security package will be used exclusively for client/server security support, it can implement the Microsoft Security Support Provider Interface.
- SSP/AP Security Packages  Custom security support provider/authentication packages (SSP/APs) contain security packages that function as both authentication packages (APs) and security support providers (SSPs). These packages implement separate APIs to support each role. Because it functions as an AP, a custom SSP/AP security package must provide implementations for all of the Functions Implemented by Authentication Packages.

7 Using Network Provider API
- Implementing a Network Provider  A network provider is a DLL that enables the Windows operating system to support a specific network protocol.
- Implementing a Credential Manager  To create a credential manager, you must create a DLL that exports the following functions: NPLogonNotify and NPPasswordChangeNotify.
- Registering Network Providers and Credential Managers  After you have created your network provider or credential manager, you must register it with the system.
- Returning Values to the MPR  The Windows Networking functions return WN_SUCCESS on success, or a unique nonzero value if the function encounters an error.
- Handling Buffered Data  Several of the network provider functions take the address and size of a buffer into which the function places a variable-sized data structure.
- Receiving Connection Notifications  Some applications need to receive notification of connection events, either before the event, just after it occurs, or both.
- Registering to Receive Connection Notifications  After you have created a DLL to receive connection notifications, you must register it with the system.
- Overriding the Default MPR Time-out Interval  If one of the network providers does not know when it will start, MPR uses a default time-out of 60 seconds for that provider.

8 Customizing Winlogon
Winlogon  A part of the Windows operating system that provides interactive logon support. Winlogon is designed around an interactive logon model that consists of three parts: the Winlogon executable, a Graphical Identification and Authentication dynamic-link library (DLL) referred to as the GINA, and any number of network providers. Customize Winlogon behavior by implementing a Credential Provider.
Winlogon has the following responsibilities:
- Window station and desktop protection
- Standard SAS recognition
- SAS routine dispatching
- User profile loading
- Assignment of security to user shell
- Screen saver control
- Multiple network provider support

9 Using SSPI
The Security Support Provider Interface (SSPI) is a Win32 API used by Microsoft Windows systems to perform a variety of security-related operations such as authentication. SSPI functions as a common interface to several Security Support Providers (SSPs): a Security Support Provider is a dynamic-link library (DLL) that makes one or more security packages available to applications.
Procedures Used with Most Security Packages and Protocols: The SSPI model provides a single interface for a client/server transport application using the various security packages available on a computer or network.

10 Protecting the Automatic Logon Password
The automatic logon password should be protected by using the LsaStorePrivateData function. The syntax of this function is:

    NTSTATUS LsaStorePrivateData(
        LSA_HANDLE          PolicyHandle,
        PLSA_UNICODE_STRING KeyName,
        PLSA_UNICODE_STRING PrivateData
    );

- PolicyHandle  A handle to a Policy object. The handle must have the POLICY_CREATE_SECRET access right if this is the first time data is being stored under the key specified by the KeyName parameter.
- KeyName  Pointer to an LSA_UNICODE_STRING structure containing the name of the key under which the private data is stored.
- PrivateData  Pointer to an LSA_UNICODE_STRING structure containing the private data to store. The function encrypts this data before storing it.

11 What is Authorization?
Authorization is the right granted to an individual to use the system and the data stored on it. Authorization is typically set up by a system administrator and verified by the computer based on some form of user identification, such as a code number or password. Developers should be familiar with Windows-based programming. Although not required, an understanding of authorization or security-related subjects is advised.
[Screenshot: this is how the authorization administrator looks in Windows 10]

12 About Authorization
- Access control  Access control refers to security features that control who can access resources in the operating system. Applications call access control functions to set who can access specific resources or to control access to resources provided by the application.
- Client/Server Access Control  Access control for server applications that provide services to clients.
- Access Control for Application Resources  Role-based and ACL-based access control for application resources.
- Mandatory Integrity Control  System-level access control for securable objects.
- User Account Control  Security feature that enables users to perform common tasks as nonadministrators, called standard users, and as administrators without having to switch users, log off, or use Run As.

13 References
Thank you for your attention!

