
Security and Identity

Develop secure desktop apps with Windows APIs and services. They provide:

  • Authentication.
  • Authorization.
  • Cryptography.
  • Directory, identity, and access services.
  • Parental controls.
  • Rights management.

This section also provides best practices and other security articles.

In this section

Topic / Description

Authentication

Authentication is the process by which the system validates a user's logon information. A user's name and password are compared to an authorized list, and if the system detects a match, access is granted to the extent specified in the permission list for that user.

Authorization

Authorization is the right granted an individual to use the system and the data stored on it. Authorization is typically set up by a system administrator and verified by the computer based on some form of user identification, such as a code number or password.

Best Practices for the Security APIs

Provides best practices for developing more secure applications.

Certificate Enrollment API

The Certificate Enrollment API can be used to create a client application to request a certificate and install a certificate response.

Cryptography

Cryptography is the use of codes to convert data so that only a specific recipient will be able to read it, using a key. CryptoAPI enables users to create and exchange documents and other data in a secure environment, especially over nonsecure media such as the Internet.

Cryptography API: Next Generation

Cryptography API: Next Generation (CNG) enables users to create and exchange documents and other data in a secure environment, especially over nonsecure media such as the Internet.

Dynamic Access Control developer extensibility

The Dynamic Access Control (DAC) scenario, as delivered in Windows Server 2012, has a variety of developer extensibility points that add customization potential for your application development.

Directory, Identity, and Access Services

Network administrators can use directory services to automate common administrative tasks, such as adding users and groups, managing printers, and setting permissions on network resources.

Independent Software Vendors and end-user developers can use directory services to directory-enable their products and applications. Services can publish themselves in a directory, clients can use the directory to find services, and both can use the directory to find and manipulate other objects.

Forefront Identity Manager (FIM) provides an integrated and comprehensive solution for managing the entire lifecycle of user identities and their associated credentials.

Identity Lifecycle Manager (ILM) enables IT organizations to reduce the cost of managing the identity and access lifecycle by providing a single view of a user's identity across the heterogeneous enterprise and through the automation of common tasks.

Active Directory Federation Service (AD FS) enables Federated Identity and Access Management by securely sharing digital identity and entitlements rights across security and enterprise boundaries.

Extensible Authentication Protocol

The Extensible Authentication Protocol (EAP) is a standard supported by several system components. EAP is crucial for protecting the security of wireless (802.1X) and wired LANs, Dial-up, and Virtual Private Networks (VPNs).

Extensible Authentication Protocol Host

EAPHost is a Microsoft Windows Networking component that provides an Extensible Authentication Protocol (EAP) infrastructure for the authentication of "supplicant" protocol implementations such as 802.1X and Point-to-Point Protocol (PPP).

MS-CHAP Password Management API

You can use the MS-CHAP Password Management API to create applications to change the passwords of networked users on remote workstations.

Network Access Protection

Network Access Protection (NAP) is a set of operating system components that provide a platform for protected access to private networks. The NAP platform provides an integrated way of evaluating the system health state of a network client that is attempting to connect to or communicate on a network and restricting the access of the network client until health policy requirements have been met.

Network Policy Server

Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. It is the successor of Internet Authentication Service (IAS).

Parental Controls

The Parental Controls technology in Windows is intended to assist diligent parents or guardians in ensuring access to appropriate materials by age or maturity level for those under their guardianship. It provides an extensible infrastructure in addition to built-in capabilities.

Rights Management

Two generations of RMS protection are now available: Active Directory Rights Management Services SDK 2.0 and Active Directory Rights Management Services SDK, as well as a scripting API, Active Directory Rights Management Services Scripting API, that enables custom administration of an RMS server.

Security Development Lifecycle (SDL) - Process Guidance

Microsoft Security Development Lifecycle (SDL) is an industry-leading software security assurance process. A Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in Microsoft software and culture. Combining a holistic and practical approach, the SDL introduces security and privacy early and throughout all phases of the development process.

Security Management

The security management technologies can be used to manage Local Security Authority (LSA) policy and password filter policy, query the ability of programs from external sources, and service attachments that extend the functionality of the Security Configuration tool.

Security WMI Providers

The Security WMI providers enable administrators and programmers to configure BitLocker Drive Encryption (BDE) and the Trusted Platform Module (TPM) using Windows Management Instrumentation (WMI).

Security Glossary

Provides a glossary of security terms.

TPM Base Services

The Trusted Platform Module (TPM) Base Services (TBS) feature centralizes TPM access across applications. The TBS feature uses priorities specified by calling applications to cooperatively schedule TPM access.

Windows Biometric Framework API

You can use the Windows Biometric Framework API to create client applications that securely capture, save, and compare end-user biometric information.

Security Technical Articles

Articles on security and cryptography.

© 2014 Microsoft