Windows Client Authentication Architecture


Windows Client Authentication Architecture describes the many methods of Authentication available within Microsoft Windows

Windows Client Authentication Architecture

Here is a lager interactive Image: Windows Client Authentication Architecture/Windows Client Authentication Architecture.svg(info)

The Microsoft Windows Operating System supports authentication using security packages that function as both Security Support Provider and as Windows Authentication Packages. Security packages provide the Windows Logon process support services of a Windows Authentication Package and also provide Authentication Methods to applications by implementing a set of functions that are mapped to the Security Support Provider Interface (SSPI).

A security package that functions as an Windows Authentication Package and implements the functionality required by SSPI is called a Security Support Provider/Authentication Package (SSP/AP).

Windows Logon Types#

Windows Logon Types describes different Windows Logon Scenarios.

Credential input for user Windows Logon#

In Windows Server 2008 and Windows Vista, the Graphical Identification and Authentication (GINA) architecture was replaced with a Windows Credential Provider, which made it possible to enumerate different logon types through the use of logon tiles.

Microsoft Account (MSA)#

Microsoft Account (MSA) (previously known as Microsoft Passport,[2] .NET Passport, Microsoft Passport Network, and Windows Live ID) is a single sign-on Microsoft user account for Microsoft customers to log into Microsoft websites (like Outlook.com), devices running on one of Microsoft's current operating systems (e.g. Windows 10 computers and tablets, Windows Phones, and Xbox consoles), and Microsoft application software (including Visual Studio).

More Information#

There might be more information for this subject on one of the following: