| Integrated Windows Authentication |
Like certain other protocols, IWA sits on top of HTTP. Web-browsing software uses it as a single sign-on mechanism, so browsing users can transparently log on to web services using their Microsoft Windows credentials. Microsoft developed IWA, and it occurs mostly in Microsoft products, though other software has implemented it as well, such as the Mozilla Firefox web browser, the Apache web server and the shell utility cURL.

THE PROTOCOL

The protocol uses a challenge-response sequence requiring the transmission of three messages between the client (wishing to authenticate) and the server (requesting authentication):

# The client first sends a ''Type 1'' message to the server, containing a set of flags for the features it supports or requests (such as encryption key sizes, a request for mutual authentication, etc.).
# The server responds with a ''Type 2'' message containing a similar set of flags supported or required by the server (thus enabling an agreement on the authentication parameters between the server and the client) and, more importantly, a random ''challenge'' (8 bytes).
# Finally, the client uses the challenge obtained from the Type 2 message and the user's credentials to calculate the response. The calculation methods differ based on the NTLM authentication parameters negotiated previously, but in general they apply the MD4/MD5 hashing algorithms and DES encryption to compute the response. The client then sends the response to the server in a ''Type 3'' message.
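The three messages can be told apart when reviewing captured HTTP headers. The decoder below is an added example, not code from the original page or from Microsoft. It assumes the message travels as `NTLM <base64>` in the `Authorization` or `WWW-Authenticate` header (the `Negotiate` scheme is not handled) and uses field offsets from the public NTLM message layout; the function and sample names are this example's own.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
# A few negotiate-flag bits; the key-size flags correspond to the
# "encryption key sizes" the Type 1 / Type 2 messages agree on.
FLAGS = {0x00000001: "NEGOTIATE_UNICODE", 0x00000200: "NEGOTIATE_NTLM",
         0x20000000: "NEGOTIATE_128", 0x80000000: "NEGOTIATE_56"}
MIN_LEN = {1: 16, 2: 32, 3: 28}   # shortest message this parser accepts, per type
FLAG_OFFSET = {1: 12, 2: 20}      # byte offset of the flags field in Type 1 / Type 2

def parse_ntlm_header(value):
    """Decode the value of an HTTP Authorization or WWW-Authenticate header."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM header carrying a message")
    msg = base64.b64decode(blob.strip(), validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype not in MIN_LEN or len(msg) < MIN_LEN[mtype]:
        raise ValueError("unknown or truncated message type %d" % mtype)
    info = {"type": mtype}
    if mtype in FLAG_OFFSET:
        (flags,) = struct.unpack_from("<I", msg, FLAG_OFFSET[mtype])
        info["flags"] = sorted(n for bit, n in FLAGS.items() if flags & bit)
    if mtype == 2:
        info["challenge"] = msg[24:32].hex()   # the server's random 8 bytes
    if mtype == 3:
        # Security buffer for the NT response: length, allocated size, offset.
        nt_len, _, nt_off = struct.unpack_from("<HHI", msg, 20)
        if nt_off + nt_len > len(msg):
            raise ValueError("NT response points outside the message")
        # 24 bytes is the DES-based response size; NTLMv2 responses are longer.
        info["nt_response_len"] = nt_len
        info["des_sized_response"] = nt_len == 24
    return info

def _sample(mtype, body):
    raw = SIGNATURE + struct.pack("<I", mtype) + body
    return "NTLM " + base64.b64encode(raw).decode()

# Constructed sample messages for the three steps (not captured traffic).
SAMPLE_TYPE1 = _sample(1, struct.pack("<I", 0x20000201))
SAMPLE_TYPE2 = _sample(2, struct.pack("<HHII", 0, 0, 32, 0x20000201)
                       + bytes.fromhex("0123456789abcdef"))
SAMPLE_TYPE3 = _sample(3, struct.pack("<HHIHHI", 0, 0, 52, 24, 24, 52) + bytes(48))
```

A Type 3 message whose NT response is exactly 24 bytes indicates the older DES-based calculation was used, which is worth flagging when auditing which clients still negotiate it.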