Chapter 63. What Is Protocol Transition?

Protocol transition is a new feature that's been added to Windows Server 2003 domains. Put bluntly, it allows certain designated servers to establish logon sessions with valid Kerberos credentials for an arbitrary domain user without knowing that user's password! As I showed in Item 26, if you're one of these designated servers, you can create a WindowsIdentity for a user, with a real token (Item 16) and logon session (Item 17) behind it. Simply use the WindowsIdentity constructor that takes a single string argument, the user's account name—technically the user principal name (UPN) for the account, which is typically the user's e-mail address.
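The following C# sketch is an added example, not code from the book. It shows the single-string constructor used for an authorization check rather than impersonation. The UPN and group name are constructed placeholders, and the code assumes it runs on a domain-joined Windows server in a domain that supports protocol transition.

```csharp
using System;
using System.Security;
using System.Security.Principal;

static class ProtocolTransitionExample
{
    // Builds a token for the user via protocol transition (no password)
    // and answers a group-membership question from that token.
    static bool IsUserInGroup(string upn, string group)
    {
        using (WindowsIdentity id = new WindowsIdentity(upn))
        {
            // Without SeTcbPrivilege ("Act as part of the operating system")
            // the caller receives an Identification-level token: usable for
            // access checks and role lookups, but not for opening resources
            // as the user.
            Console.WriteLine("{0}: level={1}, authType={2}",
                id.Name, id.ImpersonationLevel, id.AuthenticationType);

            return new WindowsPrincipal(id).IsInRole(group);
        }
    }

    static void Main()
    {
        // Constructed sample values, not taken from the book.
        const string upn = "alice@example.com";
        const string group = @"EXAMPLE\Sales";

        try
        {
            Console.WriteLine(IsUserInGroup(upn, group)
                ? "access granted" : "access denied");
        }
        catch (SecurityException ex)
        {
            // Thrown when the logon cannot be established, for example
            // when the UPN is unknown or no domain controller can service
            // the request. Treat as a denial.
            Console.WriteLine("logon failed, denying: " + ex.Message);
        }
    }
}
```

Because the caller never proves knowledge of the user's password, log each call with the requested UPN and the service account that made it, so that use of this capability can be audited.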

There are a couple of scenarios where this can be helpful. The ...
