Skip to Content
The .NET Developer's Guide to Windows Security
book

The .NET Developer's Guide to Windows Security

by Keith Brown
September 2004
Intermediate to advanced
408 pages
7h 25m
English
Addison-Wesley Professional
Content preview from The .NET Developer's Guide to Windows Security

Chapter 35. What Is a Null Session?

A null session is how Windows represents an anonymous user. To understand how it is used, imagine the sort of code you have to write in a server to deal with authenticated clients. After authenticating a client using Kerberos (Item 59), say, your server receives a token for that client that contains group SIDs, and you can use that token to perform access checks against ACL'd resources (Item 39). For instance, given the client's token it's quite easy to check whether that client should be granted write access to a file. We can simply impersonate the client (Item 31) and try to open the file for writing. The operating system will compare the DACL on the file with the client's token (that we're impersonating) ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

.NET Framework Security

.NET Framework Security

Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi Martin, Kevin T. Price
Programming .NET Security

Programming .NET Security

Adam Freeman, Allen Jones
The .NET Developer’s Guide to Directory Services Programming
Security Strategies in Windows Platforms and Applications, 3rd Edition

Publisher Resources

ISBN: 0321228359Purchase book