Security Extensions

  • Article

The CCF Security Extensions were developed to help ensure the security of data in different CCF deployment scenarios. If credentials are configured properly , the following steps occur:

  1. The agent starts the ID application.
  2. The ID displays a logon dialog box.
  3. The agent enters his or her logon credentials.
  4. The corresponding CCF-to-Active Directory credentials are sent to the ID application. This set of credentials is used for all further Web service communication.

In all further Web service calls from the ID, the client credentials are overridden by the CCF-AD credentials. This is accomplished by the following method.

client.ClientCredentials.Windows.ClientCredential = AgentCredentialUtilities.GetCurrentCredential();

The method returns the CCF-to-Active Directory credentials if the security extension feature is enabled. It returns the default credentials if the security extension feature is disabled. For any client created in public code, it is good practice to override the default credentials as described above.

  • (Scenario 1) The CCF server and ID client are in the same domain or in different domains with mutual trust, and authentication is done through Active Directory.
  • (Scenario 2) The ID client operates in one domain and the CCF server operates in another domain. Both use Active Directory, but they use separate Active Directory domains. The agent logs on to the ID on the client computer, and his or her credentials are validated on a separate server.
  • (Scenario 3) The ID operates in its own domain and uses a different, third-party authentication protocol, such as Lightweight Directory Access Protocol (LDAP). The CCF server operates in another domain under Active Directory. Mappings between the third-party account and the CCF-AD account are stored separately. The agent enters his or her logon credentials, which are sent to the third-party protocol for authentication. When the third-party protocol successfully authenticates the user, it notifies the CCF server, and the corresponding CCF-AD credentials are stored in the ID. CCF includes a tool to manage the mappings.

Note

In this scenario, you must make sure that users have permissions to write to log files.