When you authenticate against Active Directory as described in this answer, how is the exchange sent over the network? Is it encrypted? If not, what is the correct way to ensure that it is not sent in clear text?
1 Answer
0
If the PrincipalContext class implements the Kerberos protocol to authenticate the user against the Active Directory, the user's credential is protected according to the Kerberos protocol. Basically, both sides make use of a secret key to create a secure channel using a key exchange protocol like Diffie-Hellman.
You can find a quick explanation of the Kerberos protocol on Wikipedia, but RFC 4120 is the official source.
On the other hand, if it uses plain LDAP queries, the security will be on the transport protocol.

WelsonJR
How can I know what method it uses? – Gigi Mar 18 '14 at 21:50
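
One way to stop depending on whichever method the library picks is to pass `ContextOptions` explicitly. The following is an added example, not code from the question or the answer; the domain name, domain controller host and class name are placeholder assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class AdAuthExample
{
    // Assumed placeholder values; replace with your own domain and DC.
    const string Domain = "corp.example.com";
    const string DomainControllerLdaps = "dc01.corp.example.com:636";

    // Negotiate selects Kerberos (or NTLM as fallback), so the password
    // itself is never transmitted. Signing and Sealing add integrity
    // protection and encryption to the LDAP session that follows.
    public static bool ValidateWithNegotiate(string user, string password)
    {
        const ContextOptions opts = ContextOptions.Negotiate
                                  | ContextOptions.Signing
                                  | ContextOptions.Sealing;
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain, null, opts))
        {
            return ctx.ValidateCredentials(user, password, opts);
        }
    }

    // A simple bind sends the password to the server as-is, so it must
    // only ever be combined with SecureSocketLayer (LDAP over TLS, port 636).
    public static bool ValidateWithSimpleBindOverTls(string user, string password)
    {
        const ContextOptions opts = ContextOptions.SimpleBind
                                  | ContextOptions.SecureSocketLayer;
        using (var ctx = new PrincipalContext(ContextType.Domain, DomainControllerLdaps, null, opts))
        {
            return ctx.ValidateCredentials(user, password, opts);
        }
    }

    // To avoid: ContextOptions.SimpleBind on its own. Without
    // SecureSocketLayer the bind, password included, crosses the
    // network unencrypted.

    static void Main(string[] args)
    {
        // Usage: AdAuthExample.exe <user> <password>
        Console.WriteLine("Negotiate + Signing + Sealing: " +
            ValidateWithNegotiate(args[0], args[1]));
        Console.WriteLine("SimpleBind over TLS:           " +
            ValidateWithSimpleBindOverTls(args[0], args[1]));
    }
}
```

A packet capture on the client while each method runs confirms the result: the first shows a SASL bind on port 389 with an encrypted payload, the second a TLS session on port 636.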