Access Control Basics

As Microsoft Provisioning Framework (MPF) processes a provisioning request, it exercises two forms of access control:

For access control, MPF supports the scenarios listed in the following table.

Table: Scenarios Supported by MPF

Scenario Description Advantages Disadvantages
Front-end access control A Web server or other front-end component performs all security checks before the request is submitted to MPF. MPF executes requests to external services based on the security context of a credential stored in the configuration database or (if there is no credential) MPFServiceAcct. In the latter case, MPFServiceAcct must be granted access to the external services.
  • Concentrates security checking onto the front end.
  • Does not require Kerberos delegation or basic authentication.
  • Loss of specificity on external access control.
  • Assumes that front end is secure.
Windows access control MPF executes requests based on the COM security context of the calling user, using Kerberos delegation or basic authentication to impersonate that user in requests to external services. MPF does not perform security checking.
  • Authentication is done at the back end, close to the actual data.
  • Makes use of Windows security context.
  • Requires either Kerberos delegation or basic authentication credentials.
  • Extra effort to set up users with security permissions for external services.
MPF access control Provisioning servers perform security checking based on the identity's right to access:
  • Namespaces
  • A submit request or submit trusted request method for IProvEngine or IProvQueue
  • Public and private procedures
  • External services (for example, before accessing Microsoft SQL Server, a caller might have to be authorized to call Active Directory)

MPF executes requests to external services in the security context of a credential stored in the configuration database or (if there is no credential) MPFServiceAcct. For the latter, MPFServiceAcct must be granted access to the external services.

For more information, see IProvQueue and IProvEngine.

  • Concentrates security checking in MPF.
  • Does not require Kerberos delegation.
  • Simplifies external access control.
  • Loss of specificity on external access control.
  • Assumes that MPF is secure.