Community Server

Delegation is a feature of Kerberos authentication that allows a server to obtain a Kerberos ticket on behalf of an end user without ever having access to the end user's password. This functionality allows Kerberos to solve typical "double-hop" authentication problems where a user's credentials need to flow through multiple ...

In Part 3 of this series we look at setting up Kerberos Authentication in the simplest possible scenario. If you missed Parts 1 (What is Kerberos and how does it work) and 2 (Service Principal Names) they may be worth reading first. In this scenario, we have a client, a DC and a single IIS server. As we progress through the series, we will ...

Apologies for the delay in posting Part 2 - I've been on holidays so it's been a bit hard finding the time to write these posts. In this part we cover Service Principal Names (SPNs).  In a previous post we covered the basics of Kerberos authentication. Everything is relatively straitforward, however I didn't cover the one ...

Edit: I've created a list of all the parts in this series here, which will be updated as I add more parts.  Configuring Kerberos and Delegation is one of the more common problems I see in the communities and even within Avanade. Since Kerberos isn't a simple topic, I'm going to write a quick series explaining how Kerberos works, ...

A little discussed feature in Windows Vista is Mandatory Integrity Control (MIC). Unlike DACL (Discretionary Access Control Lists), MIC is designed to protect your operating system based on the trustworthiness of the code being run. High integrity files (e.g. system operating files) are protected from accidental damage by users, and user data is ...

Well it seems Mitch is talking about user-centric identity again. :-) I'd like to say that users should be in control of their identity. And identity exchange systems that make it easier, better and more secure for users to interact with computer systems, both internal to their companies, and externally, are a good thing. However I think Mitch ...

What else has changed with services in Vista? The user contexts that services run under has changed dramatically in Windows Vista. Instead of running as LocalSystem, many services now run as lower privileged Network Service or Local Service for most of the time. The following chart compares Windows XP SP2 to the planned release of Vista: But ...

Microsoft ISA Server 2006 has been released. Internally within Avanade we have been using ISA Server 2006 (aka Wolverine) for around six months to publish our internal Early Adopter environment (Exchange 2007, Sharepoint 2007 etc) where we test Microsoft products. Avanade was the first TAP partner to deploy Exchange 2007 into production.

Welcome to part 1 of a "Why Vista" series. Following on from my previous post, I'll hopefully be presenting a post every few days on what good changes are coming in Vista. None of these are features that will appeal to everyone, but the sum total of all of these features will hopefully provide the value proposition to justify an ...

Microsoft released two IIS-related updates in this month's batch of security patches. The first involves ASP, and the second ASP.NET. Both are listed as Important. What are the actual risks and vulnerability details though? ASP.NET The ASP.NET patch (MS 06-033) deal with a potential Information Disclosure risk. In ASP.NET v2 a special folder ...