Authentication Overview
Webspace provides two methods of authentication:
- Standard Authentication (the default setting)
- Integrated Windows Authentication
Webspace requires that at least one of Standard authentication or Integrated Windows authentication be enabled. If both are enabled, the Webspace Server attempts to log the user on in the following order:
- Integrated Windows authentication.
- Standard authentication, if Windows authentication fails.
Standard Authentication
Standard Windows authentication is the default method for authenticating users on a Webspace Server. Standard authentication allows users to sign in to a Webspace Server from the Logon dialog box by supplying their user name and password. Once authenticated, users are added to the server's INTERACTIVE group and given the same access rights as if they had signed in to the Webspace Server at its console.
Users logging onto a Webspace Server with standard authentication are:
- Added to the server's INTERACTIVE group.
- Granted the same access rights that they have when logging onto the server at its console.
Standard authentication includes logging on with a user name and password supplied by any of the following:
- Logon dialog box
- HTML parameters
- Command-line arguments
Optionally, when Standard Authentication is enabled, you can also enable Client-Side Password Caching to allow the user name and password to be saved locally on the client, if the Remember Me on this Computer check box was selected in the Logon dialog box on the previous login. With the Remember Me on this Computer option enabled, the Logon dialog box appears with the user name and password pre-populated.
Integrated Windows Authentication
Integrated Windows authentication allows users to connect to a Webspace Server and start a session without having to sign in to the server and re-enter their user name and password. When Integrated Windows authentication is the only option enabled, the user’s user name and password are never transmitted over the network. Instead, the Webspace simply runs the user’s session in the same security context as the Webspace Client. Users are added to the server's INTERACTIVE group, and passwords are cached on the server by default.
To avoid these conditions, when Integrated Windows Authentication is enabled, Webspace automatically caches passwords on the server. Doing so allows users to sign in from Windows computers that are members of the same domain as the Webspace Server without having to enter their user name and password every time they connect. Users are prompted for a password when first connecting to the server or following a password change. Passwords are stored within their respective profiles and can only be decrypted from within their respective security contexts. With subsequent connections to Webspace, users are automatically signed in and added to the host's INTERACTIVE group. They are granted the same access rights as if they had signed in to the host at its console.
Webspace caches passwords on the host using the industry-standard encryption algorithms provided by Microsoft’s Data Protection application programming interface (DPAPI). For more information about DPAPI, search the MSDN Library (http://msdn.microsoft.com/library/default.asp) for “Windows Data Protection.”
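The following PowerShell sketch is an added example, not Webspace code, showing what "can only be decrypted from within their respective security contexts" means for a DPAPI-protected secret. It uses the .NET ProtectedData wrapper around DPAPI on Windows; the helper names, the sample password and the entropy strings are constructed for illustration, and how Webspace itself calls DPAPI is not stated in this document.

```powershell
# Added illustration of DPAPI user-scope protection; not Webspace code.
# Requires Windows. Helper names and all sample values are constructed.
Add-Type -AssemblyName System.Security

function Protect-Secret {
    param([string]$PlainText, [byte[]]$Entropy)
    $bytes = [Text.Encoding]::UTF8.GetBytes($PlainText)
    # CurrentUser scope ties the protection key to the calling account,
    # so the blob is only reversible inside that user's security context.
    [Security.Cryptography.ProtectedData]::Protect(
        $bytes, $Entropy,
        [Security.Cryptography.DataProtectionScope]::CurrentUser)
}

function Unprotect-Secret {
    param([byte[]]$Blob, [byte[]]$Entropy)
    try {
        $bytes = [Security.Cryptography.ProtectedData]::Unprotect(
            $Blob, $Entropy,
            [Security.Cryptography.DataProtectionScope]::CurrentUser)
        [Text.Encoding]::UTF8.GetString($bytes)
    } catch [Security.Cryptography.CryptographicException] {
        $null   # different account, different entropy, or a modified blob
    }
}

$secret  = 'constructed-sample-password'
$entropy = [Text.Encoding]::UTF8.GetBytes('constructed-app-entropy')
[byte[]]$blob = Protect-Secret -PlainText $secret -Entropy $entropy

# Same account, same entropy: the secret round-trips.
$roundTrip = Unprotect-Secret -Blob $blob -Entropy $entropy

# Same account, different optional entropy: DPAPI refuses to unprotect.
$other = [Text.Encoding]::UTF8.GetBytes('different-entropy')
$wrongEntropy = Unprotect-Secret -Blob $blob -Entropy $other

# One flipped byte: the blob's integrity check fails.
[byte[]]$tampered = $blob.Clone()
$last = $tampered.Length - 1
$tampered[$last] = $tampered[$last] -bxor 0xFF
$tamperedResult = Unprotect-Secret -Blob $tampered -Entropy $entropy

[pscustomobject]@{
    RoundTripOk          = ($roundTrip -eq $secret)
    WrongEntropyRejected = ($null -eq $wrongEntropy)
    TamperedRejected     = ($null -eq $tamperedResult)
}
```

User-scope DPAPI binds the blob to the account rather than to the application, so any process running as that user can unprotect it. Copying the blob to another account's profile and running Unprotect-Secret there returns nothing.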