Integrated Windows Authentication refers to a set of authentication protocols, such as NTLM and Kerberos, that help provide transport-level security. The term is associated with Microsoft products and refers to the Security Support Provider Interface (SSPI) functionality that emerged with the introduction of Microsoft Windows 2000 (Technet.microsoft.com, 2017). It was also included in later versions of the Windows NT-based operating systems. Integrated Windows Authentication is commonly used for automatic authentication of connections between Microsoft Internet services and other Active Directory-aware applications (Technet.microsoft.com, 2017). The introduction of .NET Framework 3.5 improved Integrated Windows Authentication by enhancing how HttpListener and SmtpClient are handled. It added support for extended protection to enhance security (Technet.microsoft.com, 2017).
Integrated Windows Authentication relies on updated servers that are configured to verify the channel binding and service binding information when it is present in the client authentication token. The server can also discard the authentication attempt if the channel bindings do not match. Depending on the deployment setting, servers can verify the channel bindings, the service binding, or both (Technet.microsoft.com, 2017).
Integrated Windows Authentication (IWA) differs from other primary authentication platforms in that it does not ask the user for their login information. Instead, IWA uses the information of the current Windows user. If authentication is unsuccessful, Internet Explorer will request the user's Windows account login credentials, which are then processed through IWA (Technet.microsoft.com, 2017). Internet Explorer prompts the user to enter the correct combination of username and password to authenticate successfully. However, if the user has logged on to a local computer as a domain user, then authentication will not be necessary when trying to access a network computer in the same domain (Technet.microsoft.com, 2017).
Windows 2000 makes it possible to bring users and other objects together into groups for the administration of access permissions. However, defining these security groups is a significant task. They can be defined according to their scope, such as Global groups, with respect to specific rights, roles, and purposes. Using an existing IIS server and Windows Server 2012 Active Directory makes it possible to assign similar security authorizations to large numbers of users. Such practices help ensure consistency in assigning security permissions to all members of the group. Using security groups to assign permissions means that access control on resources remains relatively static and easy to control and audit.
Active Directory Domain Services (AD DS) integration in Windows Server can be used to promote the rapid and easy deployment of domain controllers. Moreover, it results in increased flexibility when auditing and authorizing access to files, as well as the secure execution of administrative tasks at scale via a reliable graphical and scripted management experience. Windows Server 2012 delivers improved support for private and public clouds through virtualization-safe tools. Unlike other servers, it can also rapidly deploy virtual domain controllers via cloning.
Windows Certificate Services is a reliable component that uses electronic documents to authenticate and validate a digital entity's characteristics on the Internet. These electronic documents are referred to as digital certificates; they form a central part of secure communication and play a crucial role in the public key infrastructure (Msdn.microsoft.com, 2017). When a certificate-based authentication server is presented with a certificate, it first checks whether a trusted certificate authority has signed the digital certificate. Second, it confirms whether the certificate has expired by checking the start and end dates. After confirming the validity of the certificate, the server checks whether the certificate has been revoked, through either an OCSP or a CRL check (Msdn.microsoft.com, 2017). The last step involves confirming whether the client has provided proof of possession. Installing certificates in the personal certificate store on client systems would aid in using the in-house Windows certificate authority server to offer a certificate to the newly created portal (Msdn.microsoft.com, 2017).
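The four checks above can be run in order with the .NET `X509Chain` API. This is an added example, not code from the cited Microsoft pages; it assumes PowerShell 7 or later and an RSA certificate, and the function name `Test-ClientCertificate` and the self-signed certificate `CN=portal-client.example` are constructed for illustration.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-ClientCertificate {
    param(
        [X509Certificate2] $Certificate,
        [byte[]] $Challenge,     # nonce the server sent to the client
        [byte[]] $Signature,     # client's signature over that nonce
        [X509RevocationMode] $RevocationMode = 'Online'   # OCSP/CRL lookup
    )
    # Steps 1-3: chain building reports issuer trust, validity dates and revocation.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = $RevocationMode
    $null  = $chain.Build($Certificate)
    $flags = 0
    foreach ($s in $chain.ChainStatus) { $flags = $flags -bor [int]$s.Status }
    $chain.Dispose()
    $F   = [X509ChainStatusFlags]
    $hit = { param($mask) ($flags -band [int]$mask) -ne 0 }
    # Step 4: the signature must verify under the public key in the certificate.
    $pub = [RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    [pscustomobject]@{
        TrustedIssuer     = -not (& $hit ($F::UntrustedRoot -bor $F::PartialChain -bor $F::NotSignatureValid))
        WithinValidity    = -not (& $hit $F::NotTimeValid)
        # Fail closed: an unreachable OCSP/CRL endpoint counts as "not confirmed".
        NotRevoked        = -not (& $hit ($F::Revoked -bor $F::RevocationStatusUnknown -bor $F::OfflineRevocation))
        ProofOfPossession = ($null -ne $pub) -and $pub.VerifyData($Challenge, $Signature,
                                [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    }
}

# Constructed test input: a self-signed client certificate, so no trusted CA issued it.
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=portal-client.example', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))

# The server issues a random challenge; the client signs it with its private key.
$challenge = [byte[]]::new(32)
[RandomNumberGenerator]::Create().GetBytes($challenge)
$signature = $rsa.SignData($challenge, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)

Test-ClientCertificate -Certificate $cert -Challenge $challenge -Signature $signature
```

A server should accept the certificate only when all four properties are true; reporting them separately makes it clear in logs which check rejected a client.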
Standard Security Technology (SSL) is typically used to create an encrypted connection between a web server and a web client. SSL establishes and facilitates network communication by identifying and authenticating the server (Bollay, & Hawthorne, 2017). It also guarantees the integrity and privacy of transmitted data. SSL prevents eavesdropping on or tampering with any information transmitted via the network. Therefore, it should be used with any login and authentication mechanism and on any network that conveys confidential or proprietary information (Support.microsoft.com, 2017).
A user can enforce SSL for all communications taking place on the portal by setting the browser to establish secure connections to a specified website. The browser then fetches the IP address of the website from the DNS server. Upon receipt of the IP address, the browser sends a secure connection request to the website. Before the browser can establish a secure connection, it asks the server to identify itself. In response to the identification request, the server sends the browser a copy of its assigned SSL certificate. Once the browser has confirmed that the website can be trusted, it produces a symmetric session key. The key is encrypted using the public key contained in the website's certificate. The web server has a private key that it uses to decrypt the session key received from the browser, and it sends an acknowledgement encrypted with the session key. From that point onwards, all data communicated between the browser and the server is secure and encrypted.
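The session-key exchange described above can be modelled with the .NET cryptography classes. This is an added example, not code from the cited sources; it assumes PowerShell 7 or later, the host name `portal.example` and both function names are constructed, and the server's acknowledgement is modelled as an HMAC keyed with the session key rather than as an encrypted message.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Receive-SessionKey([RSA] $PrivateKey, [byte[]] $Wrapped) {
    # Server side: unwrap the session key; return $null if this key cannot decrypt it.
    try   { ,$PrivateKey.Decrypt($Wrapped, [RSAEncryptionPadding]::OaepSHA256) }
    catch { $null }
}

function Get-KeyConfirmation([byte[]] $Key) {
    # Stand-in for the acknowledgement: a MAC only a session-key holder can compute.
    $hmac = [HMACSHA256]::new($Key)
    try     { ,$hmac.ComputeHash([Text.Encoding]::ASCII.GetBytes('server-ack')) }
    finally { $hmac.Dispose() }
}

# Server: constructed self-signed certificate for the hypothetical host portal.example.
$serverKey  = [RSA]::Create(2048)
$request    = [CertificateRequest]::new('CN=portal.example', $serverKey,
                  [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now        = [DateTimeOffset]::UtcNow
$serverCert = $request.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))
# Only the public certificate crosses the network, never the private key.
$wireBytes  = $serverCert.Export([X509ContentType]::Cert)

# Browser: create a session key and wrap it under the certificate's public key.
$browserCert = [X509Certificate2]::new($wireBytes)
$sessionKey  = [byte[]]::new(32)
[RandomNumberGenerator]::Create().GetBytes($sessionKey)
$wrapped = [RSACertificateExtensions]::GetRSAPublicKey($browserCert).Encrypt(
               $sessionKey, [RSAEncryptionPadding]::OaepSHA256)

# The genuine server recovers the key; an impostor replaying the same public
# certificate with a different private key does not.
$atServer   = Receive-SessionKey $serverKey $wrapped
$atImpostor = Receive-SessionKey ([RSA]::Create(2048)) $wrapped

# Browser checks the acknowledgement against its own copy of the session key.
$ack      = Get-KeyConfirmation $atServer
$expected = Get-KeyConfirmation $sessionKey
$diff = 0
for ($i = 0; $i -lt $expected.Length; $i++) { $diff = $diff -bor ($ack[$i] -bxor $expected[$i]) }

[pscustomobject]@{
    ServerAckVerifies    = ($diff -eq 0)
    ImpostorRecoveredKey = ($null -ne $atImpostor)
}
```

The certificate itself is public, so what authenticates the server is its ability to use the matching private key, which is why that key's storage and access control matter on the IIS host.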
Users can connect or log on to the portal through a secure connection using SSL. Creating an SSL certificate is necessary when establishing a connection between the Web Adaptor and the user's portal. An SSL certificate is a digital file containing information about the identity of the web server. It also specifies the encryption technique to use when establishing a secure channel between the portal and the web server. For that reason, an SSL certificate must always be created and generated by the owner of the website and signed digitally (Support.microsoft.com, 2017). A user can enable SSL to make certain that all login information and activities on the portal are secure and encrypted by acquiring the certificate used for encrypting and decrypting information conveyed through the network. Internet Information Services (IIS) includes its own certificate request tool that the user can use to send a certificate request to the relevant certification authority (Support.microsoft.com, 2017).
Bollay, B. S., & Hawthorne, J. M. (2017). U.S. Patent No. 9,705,852. Washington, DC: U.S. Patent and Trademark Office.
Support.microsoft.com. (2017). Retrieved 30 October 2017, from https://support.microsoft.com/en-us/help/324069/how-to-set-up-an-https-service-in-iis
Technet.microsoft.com. (2017). Technet.microsoft.com. Retrieved 30 October 2017, from https://technet.microsoft.com/en-us/library/dn751047(v=ws.11).aspx
Windows 2000 Certificate Services. (2017). Msdn.microsoft.com. Retrieved 30 October 2017, from https://msdn.microsoft.com/en-us/library/bb727022.aspx