Eksporter (0) Skriv ut
Vis alt
EN
Dette innholdet er ikke tilgjengelig på ditt språk, men her er den engelske versjonen.

Authentication Constants

Authentication constants are constants in the __WSManSessionFlags enumeration that specify the authentication method and how to handle certificate servers for HTTPS transport of requests.

One or more of the constants listed in the following table are required in the flags parameter in calls to WSMan.CreateSession or in IWSMan::CreateSession calls that connect to a remote computer.

Constant/valueDescription
WSManFlagCredUsernamePassword
4096 (0x1000)

Use the user name and password as the credentials. Set this flag when you create a ConnectionOptions object and supply Username and Password. The credentials can be a domain account or an account on the local computer. By default, the account must be a member of the local Administrators group on the local or remote computer. However, the WinRM service can be configured to allow other users. For more information, see Installation and Configuration for Windows Remote Management. You can set this flag when you specify credentials for Negotiate authentication (also known as Windows Integrated Authentication) or for Basic authentication.

The associated scripting method is WSMan.SessionFlagCredUsernamePassword, and the C++ method is IWSManEx.SessionFlagCredUsernamePassword.

WSManFlagSkipCACheck
8192 (0x2000)

When connecting over HTTPS, the client does not validate that the server certificate is signed by a trusted certification authority (CA). Use this value only when the remote computer is trusted by other means, for example, if the remote computer is part of a network that is physically secure and isolated or the remote computer is listed as a trusted host in the WinRM configuration.

The associated scripting method is WSMan.SessionFlagSkipCACheck, and the C++ method is IWSManEx.SessionFlagSkipCACheck.

WSManFlagSkipCNCheck
16384 (0x4000)

When connecting over HTTPS, the client will not validate that the common name (CN) in the server certificate matches the computer name in the connection string. Use only when the remote computer is trusted by other means, for example, if the remote computer is part of a network that is physically secure and isolated or the remote computer is listed as a trusted host in the WinRM configuration.

The associated scripting method is WSMan.SessionFlagSkipCNCheck, and the C++ method is IWSManEx.SessionFlagSkipCNCheck.

WSManFlagUseNoAuthentication
32768 (0x8000)

Use no authentication. Specify this constant when testing a connection to a remote computer to determine if a service that implements the WS-Management protocol is configured to listen for data requests. WSManFlagUseNoAuthentication cannot be combined with any other Session constant. The associated scripting method is WSMan.SessionFlagUseNoAuthentication, and the C++ method is WSManEx.SessionFlagUseNoAuthentication.

WSManFlagUseDigest
65536 (0x10000)

Use Digest authentication. Only the client computer can initiate a Digest authentication request. The client sends a request to the server to authenticate and receives a token string from the server. The client then sends the resource request, including the user name and a cryptographic hash of the password combined with the token string. Digest authentication is supported for HTTP and HTTPS. WinRM client scripts and applications can specify Digest authentication, but not the service.

The associated scripting method is WSMan.SessionFlagUseDigest, and the C++ method is IWSManEx.SessionFlagUseDigest.

WSManFlagUseNegotiate
131072 (0x20000)

Use Negotiate authentication. The client sends a request to the server to authenticate. The server determines whether to use Kerberos or NTLM. Kerberos is selected to authenticate a domain account and NTLM is selected for local computer accounts. The user name should be specified in the form domain\username for a domain user or servername\username for a local user on a server computer.

Starting with Windows Vista, User Account Control (UAC) affects access to the WinRM service. When Negotiate authentication is used in a workgroup or domain, only the built-in Administrator account can access the service. To allow all accounts in the Administrators group to access the service, set the following registry key to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy.

Windows Server 2003 R2:  You can use Negotiate authentication only with domain accounts.

The associated scripting method is WSMan.SessionFlagUseNegotiate, and the C++ method is IWSManEx.SessionFlagUseNegotiate.

WSManFlagUseBasic
262144 (0x40000)

Use Basic authentication. The client presents credentials in the form of a user name and password, directly transmitted in the request message. You can specify only credentials that identify a local administrator account on the remote computer.

The associated scripting method is WSMan.SessionFlagUseBasic, and the C++ method is IWSManEx.SessionFlagUseBasic.

WSManFlagUseKerberos
524288 (0x80000)

Use Kerberos authentication. The client and server mutually authenticate using Kerberos tickets.

The associated scripting method is WSMan.SessionFlagUseKerberos, and the C++ method is IWSManEx.WSMan.SessionFlagUseKerberos.

WSManFlagNoEncryption
1048576 (0x100000)

Use no encryption. Unencrypted traffic is not allowed by default and must be enabled on both the client and server.

The associated scripting method is WSMan.SessionFlagNoEncryption, and the C++ method is IWSManEx.SessionFlagNoEncryption.

WSManFlagUseClientCertificate
2097152 (0x200000)

Use client certificate-based authentication.

The associated scripting method is WSMan.SessionFlagUseClientCertificate, and the C++ method is IWSManEx2.SessionFlagUseClientCertificate.

WSManFlagUseCredSsp
16777216 (0x1000000)

Use Credential Security Support Provider (CredSSP) authentication.

The associated scripting method is WSMan.SessionFlagUseCredSsp, and the C++ method is IWSManEx3.SessionFlagUseCredSsp.

Requirements

Minimum supported client

Windows XP with SP3

Minimum supported server

Windows Server 2003 with SP2

Header

Wsmandisp.h

IDL

Wsmandisp.idl

See also

Session Constants

 

 

Vis:
© 2014 Microsoft