Implementing namespace security

After you have developed and tested your custom namespaces, you should secure those namespaces before deploying them in a live production environment. There are two security settings that you need to be concerned about:

Authentication of provisioning requests (trusted and untrusted requests)
Access to namespace procedures

Authentication of provisioning requests

There are two type of provisioning requests:

Untrusted requests
These requests contain only data and the name of a procedure to call and are authenticated based on their COM+ security context. Untrusted requests do not pass the basic authentication credentials of the caller, but instead run under the context of the Microsoft Provisioning Framework Service Account.
Trusted requests
Trusted requests pass basic authentication credentials (a user name, password, and Windows domain name) to Microsoft Provisioning Framework. Microsoft Provisioning Framework then delegates authentication responsibility to the calling process.

For security reasons, untrusted requests are the standard approach for invoking Microsoft Provisioning Framework for both COM+ and HTTP/SOAP applications.

When testing custom namespaces, you should submit a trusted request that explicitly defines its security context and procedure steps as well as data. Only members of the MPFTrustedUsers group are allowed to submit trusted requests. After testing custom namespaces outside of the production environment, change your namespace coding to secure the namespace by allowing only untrusted requests.

Access to namespace procedures

The default access type of a procedure is public. When deploying a procedure, set the access type to private if public access is not required. By default, the namespace file sets the access type to public to facilitate testing. In a live production environment, this does not provide the appropriate level of security.

During development and testing of namespaces, you can change the Provisioning Manager security settings to grant the AuthenticatedUsers group permissions to submit requests. This will allow you to run private namespaces in the context of any user. For more information, see To grant permissions to submit requests to provisioning engines.

Important

To secure your namespace, you must remove this setting before deploying your namespace in production.
When specifying user or group permissions to execute a procedure, it is strongly recommend that you use the Allow security option in Provisioning Manager. Using the Deny security option to restrict access to a namespace procedure can have unforseen consequences.

For more information about namespace security, see Maintaining and updating namespaces and procedures and Managing security.