Chapter 62. What Is Delegation?
In Item 31, I described the concept of impersonation, where a server can temporarily take on a client's identity in order to perform some work on the client's behalf. Usually when a server impersonates a client, it's only to access resources that are local to the server. When the server attempts to use the client's credentials to access remote resources, well, that's delegation and by default it's disallowed. If a server (Bob
) impersonates a remote client (Alice
) and tries to authenticate with another server (Charlie
), by default Charlie
will see a null session (Item 35) rather than a logon for Alice
.
Before Windows embraced Kerberos in Windows 2000, a simple challenge-response authentication protocol called NTLM ...
Get The .NET Developer's Guide to Windows Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.