Authorization During Request Submittal

Microsoft® Provisioning Framework (MPF) recognizes two types of provisioning requests: simple and trusted. 

MPF provides two application programming interfaces (APIs) that submit requests to the framework: IProvEngine and IProvQueue. IProvEngine is for real-time requests and IProvQueue is for queued requests; SOAP requests are submitted through SOAP ISAPI. The methods for simple and trusted requests are listed below.

| Type of Request | Submitted To... | API/Method |
| --- | --- | --- |
| Simple requests | Provisioning engines | IProvEngine::SubmitRequest |
| Simple requests | Queue managers | IProvQueue::SubmitRequest |
| Trusted requests | Provisioning engines | IProvEngine::SubmitTrustedRequest |
| Trusted requests | Queue managers | |

A caller's authority to execute these APIs is governed by the Requests Security properties in Provisioning Manager. For more information, see Provisioning Engines and Provisioning Queue Manager Service.

Once they receive a request, MPF clients build the request's COM security context and pass it to the provisioning engine. The two client properties MPF uses to do this, Capabilities and Impersonation Level, are configured in Provisioning Manager. For more information, see Clients.

SOAP ISAPI verifies that callers are allowed to submit SOAP requests when it creates the corresponding MPF requests. By default, SOAP ISAPI runs under the MPFClientAcct user account, so the COM security context is MPFClientAcct. Incoming requests are initially authorized by Microsoft® Internet Information Server (IIS). The way SOAP ISAPI continues this process once it receives a request is determined by:

See Also

Access Control Basics, Authorization, XML Schema for Requests

© 1999-2002 Microsoft Corporation. All rights reserved.