55 lines
3.1 KiB
55 lines
3.1 KiB
<?xml version="1.0" encoding="utf-8"?>
<Type Name="ProtectionScenario" FullName="System.Security.Authentication.ExtendedProtection.ProtectionScenario">
<TypeSignature Language="C#" Value="public enum ProtectionScenario" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi sealed ProtectionScenario extends System.Enum" />
<remarks>To be added.</remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The <see cref="T:System.Security.Authentication.ExtendedProtection.ProtectionScenario" /> enumeration specifies the protection scenario enforced by the policy.</para>
<Member MemberName="TransportSelected">
<MemberSignature Language="C#" Value="TransportSelected" />
<MemberSignature Language="ILAsm" Value=".field public static literal valuetype System.Security.Authentication.ExtendedProtection.ProtectionScenario TransportSelected = int32(0)" />
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The transport will select between a secure and standard protection scenario depending on the type of channel used. For secure protection, integrated Windows authentication is wrapped in a secure channel and has an exactly matching channel binding token with no Service Provider Name (SPN) validation. For standard protection, integrated Windows authentication is optionally wrapped in a secure channel with an optional channel binding token and SPN validation is required. So if the request comes through a secure channel, the channel binding token (CBT) is checked, otherwise the SPN is checked.</para>
<Member MemberName="TrustedProxy">
<MemberSignature Language="C#" Value="TrustedProxy" />
<MemberSignature Language="ILAsm" Value=".field public static literal valuetype System.Security.Authentication.ExtendedProtection.ProtectionScenario TrustedProxy = int32(1)" />
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Integrated Windows authentication is wrapped in a secure channel terminated by a trusted proxy and has a channel binding token with SPN validation required. This requires the presence of a CBT, but the CBT is not checked while the SPN is checked.</para>
</Type> |