System.Security.Authentication.ExtendedProtection Namespace

.NET Framework (current version)
 

The System.Security.Authentication.ExtendedProtection namespace provides support for authentication using extended protection for applications.

| Class | Description |
| --- | --- |
| ChannelBinding | The ChannelBinding class encapsulates a pointer to the opaque data used to bind an authenticated transaction to a secure channel. |
| ExtendedProtectionPolicy | The ExtendedProtectionPolicy class represents the extended protection policy used by the server to validate incoming client connections. |
| ExtendedProtectionPolicyTypeConverter | The ExtendedProtectionPolicyTypeConverter class represents the type converter for extended protection policy used by the server to validate incoming client connections. |
| ServiceNameCollection | The ServiceNameCollection class is a read-only collection of service principal names. |
| TokenBinding | Contains APIs used for token binding. |

| Enumeration | Description |
| --- | --- |
| ChannelBindingKind | The ChannelBindingKind enumeration represents the kinds of channel bindings that can be queried from secure channels. |
| PolicyEnforcement | The PolicyEnforcement enumeration specifies when the ExtendedProtectionPolicy should be enforced. |
| ProtectionScenario | The ProtectionScenario enumeration specifies the protection scenario enforced by the policy. |
| TokenBindingType | Represents types of token binding. |

The design of Integrated Windows Authentication (IWA) allows some credential challenge responses to be universal, meaning they can be reused or forwarded. If this design feature is not needed, the challenge responses should be constructed with, at minimum, target-specific information and, at best, also some channel-specific information. Services can then provide extended protection to ensure that credential challenge responses contain service-specific information (a Service Principal Name, or SPN) and, if necessary, channel-specific information (a channel binding token, or CBT). With this information in the credential exchanges, services are better able to protect against malicious use of credential challenge responses that might have been improperly obtained.
