Authentication Services (Compact 2013)
3/28/2014
Authentication Services for Windows Embedded Compact-based devices provide security services for user authentication, credential management, and message protection through the Security Support Provider Interface (SSPI). Within SSPI, different security options are available. These options include NTLM security support provider (SSP) and Kerberos SSP. Each of these options contains different authentication and cryptographic schemes. You can also provide your own security package and add it to the registry for applications to use.
In addition to the SSPI credential management functionality, a component called Credential Manager is included automatically with Kerberos and NTLM services. Credential Manager allows users an option to save a name, password, and other authentication information on the device. The Credential Manager keeps track of the information and updates it when necessary.
Passport Authentication is a centralized service provided by Microsoft that offers a single logon and core profile services to member sites. This technology is automatically included with WinInet and is fully implemented. This frees application developers from dealing with the details of interacting with the Passport infrastructure.
Services supported by Windows Embedded Compact include security services for user authentication, credential management, and message protection through a programming interface called the Security Support Provider Interface (SSPI). A Security Support Provider Interface (SSPI) allows an application to use various security models available on a computer or network without changing the interface to the security system.
A security support provider (SSP) is contained in a dynamic-link library (DLL) that implements SSPI by making one or more security packages available to applications. Each security package provides mappings between the SSPI function calls of an application and the functions of an actual security model. Security packages support security protocols such as Kerberos and NTLM.
The following security support providers are supported by Windows Embedded Compact:
- Kerberos Security Support Provider
- NTLM Security Support Provider
- Schannel Security Support Provider
- Negotiate Security Support Provider
To determine which provider is supported by a specific OS design, check for unique DLLs associated with each provider. The following table shows the DLLs for Kerberos, NTLM, and Schannel security providers.
Security provider |
Module |
|---|---|
Kerberos |
Kerberos.dll, Cryptdll.dll |
NTLM |
Ntlmssp.dll |
Schannel |
Schannel.dll |
To add this feature to your OS, see Authentication Services Catalog Items and Sysgen Variables.
For reference information, see Authentication Services Reference.
Sample application code is available at SSPI Sample Application.