From 239d651ec627a0d95128a7a09674c78149d40f16 Mon Sep 17 00:00:00 2001 From: antiduh Date: Mon, 7 Jul 2014 17:27:19 +0000 Subject: [PATCH] Updated the readme. --- Readme.txt | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/Readme.txt b/Readme.txt index 425726d..2dc2bbf 100644 --- a/Readme.txt +++ b/Readme.txt @@ -3,11 +3,12 @@ better known as SSPI (Security Service Provider Interface). The SSPI API provides an interface for real authentication protocols, such as Kerberos or NTLM, to be invoked transparently by client and server code in order to perform authentication -and such. These authentication protocols are better known as security packages. SSPI API -exposes these packages using a common API, and so a program may invoke one or the other with -only minor changes in design. SSPI also supports the 'negotiate' 'meta' package, that allows -a client and server to decide dynamically which real security provider to use, and then itself -provides a passthrough interface to the real package. +and message manipulation. These authentication protocols are better known as 'security packages'. + +The SSPI API exposes these packages using a common API, and so a program may invoke one or the +other with only minor changes in implementation. SSPI also supports the 'negotiate' 'meta' +package, that allows a client and server to decide dynamically which real security provider to +use, and then itself provides a passthrough interface to the real package. ==== Usage ==== 
@@ -21,7 +22,7 @@ and authentication tokens to perform authentication, and if all succeeds, they c security context in the form of a client's context and a server's context. The effectively shared context agrees on the security package to use (kerberos, NTLM), and what parameters to use for message passing. Every new client that authenticates with a server creates a new security -context. +context specific to that client-server pairing. From the software perspective, a client security context initializes itself by exchanging authentication tokens with a server; the server initializes itself by exchanging authentication @@ -34,9 +35,9 @@ by deciding for themselves how to integrate the tokens into their application pr The project is broken up into 3 chunks: * The NSspi library, which provides safe, managed access to the SSPI API. - * NsspiDemo, a quick demo program to show how to exercise the features of NSspi locally + * NsspiDemo, a quick demo program to show how to exercise the features of NSspi locally. * UI demo programs TestClient and TestServer (that have a common dependency on TestProtocol) that - may be run on separate machines, that shows how one might integrate SSPI into a custom + may be run on separate machines, that show how one might integrate SSPI into a custom application. ==== More information ==== 
@@ -47,4 +48,19 @@ MSDN documentation on the SSPI API http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx MSDN article on SSPI along with a sample Managed C++ SSPI library and UI client/servers. - http://msdn.microsoft.com/en-us/library/ms973911.aspx + http://msdn.microsoft.com/en-us/library/ms973911.aspx + +Relevant StackOverflow questions: +"Client-server authentication - using SSPI?" + - http://stackoverflow.com/questions/17241365/ + +"Validate Windows Identity Token" + - http://stackoverflow.com/questions/11238141/ + +"How to deal with allocations in constrained execution regions?" + - http://stackoverflow.com/questions/24442209/ + +"AcquireCredentialsHandle returns massive expiration time" + - http://stackoverflow.com/questions/24478056/ + +
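Review bot: In the first hunk (@@ -3,11 +3,12 @@), the replacement wording "authentication and message manipulation" is still vague. Name the operations that are meant, so a reader knows what a security package offers beyond authentication. In the same hunk, "The SSPI API" repeats the "Interface" already spelled out in "SSPI (Security Service Provider Interface)", and "the 'negotiate' 'meta' package, that allows" would read better as "the 'negotiate' meta-package, which allows".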
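Review bot: In the second hunk (@@ -21,7 +22,7 @@), the added "context specific to that client-server pairing" leaves it unclear whether one object or two are created, because the sentence just above describes the result as "a client's context and a server's context". Suggest wording such as "creates a new pair of security contexts specific to that client-server pairing". The context line "(kerberos, NTLM)" is also lowercase, while the intro hunk spells it "Kerberos"; worth aligning while this paragraph is being touched.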
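Review bot: In the third hunk (@@ -34,9 +35,9 @@), the TestClient/TestServer bullet still chains two relative clauses ("that may be run on separate machines, that show how") after the shows/show fix. Suggest "which may be run on separate machines and show how one might integrate SSPI into a custom application".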
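Review bot: In the last hunk (@@ -47,4 +48,19 @@), the ms973911.aspx line is removed and re-added with identical visible text, so the change is whitespace or end-of-file newline only; please confirm it is intended or drop it from the patch. The hunk also ends with two added empty lines, which leaves trailing blank lines at the end of Readme.txt. The new StackOverflow entries prefix each URL with " - " while the MSDN entries above list the bare URL under the description; pick one layout for the whole "More information" section.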