Updated the readme.
This commit is contained in:
antiduh
34
Readme.txt
34
Readme.txt
@@ -3,11 +3,12 @@ better known as SSPI (Security Service Provider Interface).
|
||||
|
||||
The SSPI API provides an interface for real authentication protocols, such as Kerberos or
|
||||
NTLM, to be invoked transparently by client and server code in order to perform authentication
|
||||
and such. These authentication protocols are better known as security packages. SSPI API
|
||||
exposes these packages using a common API, and so a program may invoke one or the other with
|
||||
only minor changes in design. SSPI also supports the 'negotiate' 'meta' package, that allows
|
||||
a client and server to decide dynamically which real security provider to use, and then itself
|
||||
provides a passthrough interface to the real package.
|
||||
and message manipulation. These authentication protocols are better known as 'security packages'.
|
||||
|
||||
The SSPI API exposes these packages using a common API, and so a program may invoke one or the
|
||||
other with only minor changes in implementation. SSPI also supports the 'negotiate' 'meta'
|
||||
package, that allows a client and server to decide dynamically which real security provider to
|
||||
use, and then itself provides a passthrough interface to the real package.
|
||||
|
||||
==== Usage ====
|
||||
|
||||
@@ -21,7 +22,7 @@ and authentication tokens to perform authentication, and if all succeeds, they c
|
||||
security context in the form of a client's context and a server's context. The effectively shared
|
||||
context agrees on the security package to use (kerberos, NTLM), and what parameters to use
|
||||
for message passing. Every new client that authenticates with a server creates a new security
|
||||
context.
|
||||
context specific to that client-server pairing.
|
||||
|
||||
From the software perspective, a client security context initializes itself by exchanging
|
||||
authentication tokens with a server; the server initializes itself by exchanging authentication
|
||||
@@ -34,9 +35,9 @@ by deciding for themselves how to integrate the tokens into their application pr
|
||||
The project is broken up into 3 chunks:
|
||||
|
||||
* The NSspi library, which provides safe, managed access to the SSPI API.
|
||||
* NsspiDemo, a quick demo program to show how to exercise the features of NSspi locally
|
||||
* NsspiDemo, a quick demo program to show how to exercise the features of NSspi locally.
|
||||
* UI demo programs TestClient and TestServer (that have a common dependency on TestProtocol) that
|
||||
may be run on separate machines, that shows how one might integrate SSPI into a custom
|
||||
may be run on separate machines, that show how one might integrate SSPI into a custom
|
||||
application.
|
||||
|
||||
==== More information ====
|
||||
@@ -47,4 +48,19 @@ MSDN documentation on the SSPI API
|
||||
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx
|
||||
|
||||
MSDN article on SSPI along with a sample Managed C++ SSPI library and UI client/servers.
|
||||
http://msdn.microsoft.com/en-us/library/ms973911.aspx
|
||||
http://msdn.microsoft.com/en-us/library/ms973911.aspx
|
||||
|
||||
Relevant StackOverflow questions:
|
||||
"Client-server authentication - using SSPI?"
|
||||
- http://stackoverflow.com/questions/17241365/
|
||||
|
||||
"Validate Windows Identity Token"
|
||||
- http://stackoverflow.com/questions/11238141/
|
||||
|
||||
"How to deal with allocations in constrained execution regions?"
|
||||
- http://stackoverflow.com/questions/24442209/
|
||||
|
||||
"AcquireCredentialsHandle returns massive expiration time"
|
||||
- http://stackoverflow.com/questions/24478056/
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user