2.1 Endpoints
This section specifies the Web Service endpoints that are used by protocols in the ADWS protocol set. ADWS exposes protocols that can be accessed via an endpoint. Each endpoint can be uniquely identified by a Uniform Resource Identifier (URI). The URIs for the ADWS protocols are shown in the following table. All endpoints use the "net.tcp" URI binding type. For more information on this binding type, see [MSDN-BINDINGS], "NetTcpBinding".
| Endpoint URI | Protocol exposed by endpoint | Authentication mechanism (see below) |
|---|---|---|
| net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/Resource | | Microsoft Windows® Integrated |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/ResourceFactory | [MS-WSTIM] | Windows Integrated |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/Enumeration | | Windows Integrated |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/AccountManagement | | Windows Integrated |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/TopologyManagement | [MS-ADCAP] | Windows Integrated |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/Resource | [WXFR], [MS-WSTIM] | Username/password |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/ResourceFactory | [MS-WSTIM] | Username/password |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/Enumeration | [WSENUM], [MS-WSDS] | Username/password |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/AccountManagement | [MS-ADCAP] | Username/password |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/UserName/TopologyManagement | [MS-ADCAP] | Username/password |
| net.tcp://localhost:9389/ActiveDirectoryWebServices/mex | | None |
In the preceding table, "localhost" represents the DNS hostname of the server hosting the endpoint. All endpoints listen on TCP port 9389.
The ADWS protocol set uses two types of authentication. Each endpoint (except for the "mex" endpoint) supports one or the other. The forms of authentication are:
- Windows Integrated: These endpoints use Transport Layer Security (TLS) to protect the TCP transport. Integrated Windows authentication using the SPNEGO [RFC4178] protocol is used to authenticate the client to the server at the transport layer and to negotiate the session key used for TLS.
- Username/password: These endpoints use TLS to protect the TCP transport. TLS is used to negotiate a session key to protect the TCP transport. The client authenticates (at the message layer) to the server by providing a plaintext username and password, as documented in WS-Security [WSS] and the WS-Security UserNameToken profile [WSSUTP1.1].
The "mex" endpoint neither requires nor supports authentication.
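The following added example (not part of the specification) parses an ADWS endpoint URI of the form shown in the table and classifies its authentication, so that an inventory of client endpoint settings can be checked for the unauthenticated "mex" endpoint and for endpoints that carry a plaintext password at the message layer. The names `parse_adws_uri`, `needs_review` and `AdwsEndpoint`, the host `dc01.example.test`, and the exact-case matching of path segments are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

ADWS_PORT = 9389
ROOT = "ActiveDirectoryWebServices"
SERVICES = {"Resource", "ResourceFactory", "Enumeration",
            "AccountManagement", "TopologyManagement"}
# URI path segment -> (authentication mechanism, layer where the client authenticates)
AUTH_GROUPS = {"Windows": ("Windows Integrated", "transport"),
               "UserName": ("Username/password", "message")}

@dataclass(frozen=True)
class AdwsEndpoint:  # hypothetical record type for this example
    host: str
    service: str
    auth: str
    auth_layer: Optional[str]   # None for the unauthenticated mex endpoint
    password_in_message: bool   # True when a plaintext password is sent inside TLS

def parse_adws_uri(uri: str) -> AdwsEndpoint:
    """Validate an ADWS endpoint URI and classify its authentication."""
    parts = urlsplit(uri)
    if parts.scheme != "net.tcp" or not parts.hostname:
        raise ValueError(f"not a net.tcp endpoint URI: {uri!r}")
    if parts.port != ADWS_PORT:
        raise ValueError(f"ADWS endpoints listen on TCP {ADWS_PORT}: {uri!r}")
    segs = parts.path.strip("/").split("/")
    if segs[0] != ROOT:
        raise ValueError(f"path does not start with {ROOT}: {uri!r}")
    if segs[1:] == ["mex"]:
        return AdwsEndpoint(parts.hostname, "mex", "None", None, False)
    if len(segs) != 3 or segs[1] not in AUTH_GROUPS or segs[2] not in SERVICES:
        raise ValueError(f"unknown ADWS endpoint path: {uri!r}")
    auth, layer = AUTH_GROUPS[segs[1]]
    return AdwsEndpoint(parts.hostname, segs[2], auth, layer, layer == "message")

def needs_review(uris: List[str]) -> List[str]:
    """Return URIs that are unauthenticated or send a password at the message layer."""
    flagged = []
    for uri in uris:
        ep = parse_adws_uri(uri)
        if ep.auth_layer is None or ep.password_in_message:
            flagged.append(uri)
    return flagged

# Constructed sample inventory (not real hosts).
BASE = "net.tcp://dc01.example.test:9389/ActiveDirectoryWebServices/"
SAMPLE = [BASE + "Windows/Enumeration", BASE + "UserName/Resource", BASE + "mex"]
```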