locked
Windows Security Context v Windows User Context RRS feed

  • Question

  • Does anyone know if these are the same thing? If not what is the difference. I have been searching the Microsoft site a while and can only get what appears to be partial definitions. I know the Windows User context is the domain name and user name, but the Windows Security text seems to be more. can anyone confirm this?
    Wednesday, July 30, 2008 7:43 PM

Answers

All replies

  • Good afternoon Joshua - if you are referring to the security context (token) that is inherited by all processes started from explorer, then that is definitely the User Context (token).

    If you need any more information or additional info links, please let me know! I should be back on the forum early tomorrow morning.

    Regards,
    Bill Wesse

    Escalation Engineer
    Wednesday, July 30, 2008 8:02 PM
  • Ok. The "windows user context" i am talking about is the domain name/username pairing. I had been told the "windows security context" consists of more and requires AD to generate. Does this help clarify what I am talking about?



    example: some things that are MS seem to work if you integrate with a directory server that is non-MS and an SSO middle-wear that can do the user name/domain name pairing right, such as some functionality in exchange

    others such as Sharepoint seem to require more than the "windows user context" and this si what people here seem to refer to as "windows security context"  

    i'm trying to get some definitive answer as to what they are since I cannot find anyone to explain them well and one seems to require AD while the other definitely does not.
    Thursday, July 31, 2008 11:15 AM
  • Joshua, the security context at the core of any resource authorization in Windows will generally be the current user, if the application or server [web or otherwise] is impersonating the client. Otherwise it is the default hosting account context (which can be a number of things, such as the security principles used by services), but normally for IIS it is 'IIS_IUSR'. All security contexts exist as security tokens, which share a common format (see 'Authorization Reference' http://msdn.microsoft.com/en-us/library/aa375774(VS.85).aspx).
     
    On another note, this forum is for helping customers interoperating with Windows via our open protocol documentation. Could you specify which protocol you are referring to?

    Here are links to the SharePoint and Active Directory protocol documents:

    SharePoint Products and Technologies Protocol Documents
    http://msdn.microsoft.com/en-us/library/cc339473.aspx

    Windows Server Protocols (WSPP)
    http://msdn.microsoft.com/en-us/library/cc197979.aspx
    (Active Directory is covered by the [MS-AD*] documents

    If you are not working with those, your question may be better answered by posting on the SharePoint - Development and Programming forum at http://forums.msdn.microsoft.com/en-US/sharepointdevelopment/threads/

    Here is another link that might be of help: Security and Application Development in SharePoint: First Steps
    http://www.microsoft.com/technet/community/columns/secmvp/sv0408.mspx

    ====
    If the above is not applicable, you may need to submit a technical support question; if so, here are several links that should be of help to you:

    o Help & Support Home' at http://support.microsoft.com/ (there are 'Self Support Options' available on this page).
    o 'Select a Product for Assistance' at http://support.microsoft.com/gp/assistsupport
    o The Microsoft Knowledge Base at http://support.microsoft.com/search/


    Regards,
    Bill Wesse


    Escalation Engineer
    Monday, August 4, 2008 2:49 PM
  •  Joshua - here are several other links to security topics with regards to services:

    How to: Impersonate a Client on a Service
    http://msdn.microsoft.com/en-us/library/ms731090.aspx

    Services and Service Accounts Security Planning Guide
    http://www.microsoft.com/technet/security/guidance/serversecurity/serviceaccount/sspgch02.mspx

    Regards,
    Bill Wesse


    Escalation Engineer
    Monday, August 4, 2008 3:01 PM
  • thank you. that information is rather helpful. seems that the terms have been made up here and no one has set them for our own use from that.

    there is definitely something more in use for some cases than others.
    Tuesday, August 5, 2008 11:37 AM