The following example procedure and truth table summarize the logic flow of security processing for provisioning requests in Microsoft Provisioning Framework (MPF).

Value of @impersonate | Basic Authentication Credential securityContext | "Execute as" User on Procedure 2 | Value of @Impersonate | Result
---|---|---|---|---|
0 | Irrelevant (not used even if specified) | Irrelevant (not used even if specified) | 0 | MPFServiceAcct |
1 | Basic authentication user | NULL | 0 | Basic authentication user |
1 | NULL | NULL | 0 | Calling user |
2 | Irrelevant (not used even if specified) | Not used | 0 | MPFServiceAcct |
Not specified | Basic authentication user | NULL | 1 | Basic authentication user |
Not specified | NULL | NULL | 1 | Calling user |
Not specified | Irrelevant (not used even if specified) | Irrelevant (not used even if specified) | 2 | MPFServiceAcct |
1 | Irrelevant (not used even if specified) | "Execute as" user | 0 | "Execute as" user |
Not specified | Irrelevant (not used even if specified) | "Execute as" user | 1 | "Execute as" user

The Result column of the table lists the account under which MPF would run Procedure 3 in the following example, given various combinations of @impersonate, "Execute as" credentials, and a basic authentication credential in the request passed to Procedure 1.

```xml
<namespace name="namespace1">
  <procedure name="Procedure1">
    <execute procedure="Procedure2" namespace="Namespace1" impersonate="0" /><!-- column 1 -->
  </procedure>
  <procedure name="Procedure2">
    <execute procedure="Procedure3" namespace="Namespace2" impersonate="0" /><!-- column 2 -->
  </procedure>
</namespace>
```
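
The nine rows of the table can be condensed into one decision rule and checked row by row. The following Python is an added example, not MPF code or part of the original page: the rule is inferred only from the listed rows, and the function names, constants, and placeholder identities are assumptions. It reads the first @impersonate column as the attribute on the execute element in Procedure1 and the second as the one in Procedure2, and it rejects combinations the table does not list.

```python
SERVICE_ACCOUNT = "MPFServiceAcct"
NOT_SPECIFIED = None  # the table's "Not specified"

# Constructed placeholder identities, not real accounts.
BASIC, EXEC_AS, CALLER = "basic-auth-user", "execute-as-user", "calling-user"

# (first @impersonate column, second @impersonate column) pairs the table lists.
LISTED_PAIRS = {(0, 0), (1, 0), (2, 0), (NOT_SPECIFIED, 1), (NOT_SPECIFIED, 2)}


def resolve_account(imp_first, basic_user, execute_as_user, imp_second,
                    calling_user=CALLER):
    """Return the account the table's Result column gives for one row."""
    if (imp_first, imp_second) not in LISTED_PAIRS:
        # The page does not define these combinations, so refuse to guess.
        raise ValueError(f"not covered by the table: {(imp_first, imp_second)}")
    mode = imp_second if imp_first is NOT_SPECIFIED else imp_first
    if mode != 1:
        # 0 and 2: credentials carried in the request are ignored.
        return SERVICE_ACCOUNT
    # 1: "Execute as" user first, then basic authentication user, then caller.
    return execute_as_user or basic_user or calling_user


# The nine rows of the table. "Irrelevant" cells carry a credential to show
# that it is ignored; NULL and "Not used" cells are None.
TABLE_ROWS = [
    (0, BASIC, EXEC_AS, 0, SERVICE_ACCOUNT),
    (1, BASIC, None, 0, BASIC),
    (1, None, None, 0, CALLER),
    (2, BASIC, None, 0, SERVICE_ACCOUNT),
    (NOT_SPECIFIED, BASIC, None, 1, BASIC),
    (NOT_SPECIFIED, None, None, 1, CALLER),
    (NOT_SPECIFIED, BASIC, EXEC_AS, 2, SERVICE_ACCOUNT),
    (1, BASIC, EXEC_AS, 0, EXEC_AS),
    (NOT_SPECIFIED, BASIC, EXEC_AS, 1, EXEC_AS),
]


def mismatches():
    """Rows where the inferred rule disagrees with the Result column."""
    return [r for r in TABLE_ROWS if resolve_account(*r[:4]) != r[4]]


if __name__ == "__main__":
    for row in TABLE_ROWS:
        print(row[:4], "->", resolve_account(*row[:4]))
    print("mismatches:", mismatches())
```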

For more information on how security is implemented in MPF, see the other security topics covered in Security in Microsoft Provisioning Framework.