USING WINDOWS AUTHENTICATION IN A WORKGROUP TO MANAGE APPLICATION USERS

US 20090313684A1
Filed: 06/12/2008
Published: 12/17/2009
Est. Priority Date: 06/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user of an application executing at a front-end computer, the method comprising:

under control of a logon computer,establishing an account for the user with an operating system executing on the logon computer, the account specifying credentials of the user that are available to the user, the credentials for authenticating access by the user to the account of the operating system; and

granting the user access rights to one or more application resources wherein the operating system manages access to the resource; and

under control of the front-end computer,receiving credentials from the user;

sending a request to access the application resource managed by the logon computer using the received credentialsreceiving an indication of whether the resource was successfully accessed using the received credentials; and

when the indication indicates that the resource was accessed successfully, indicating that the user is authenticated and authorized to access the resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An system for authenticating users of an application program executing at a front-end computer using the security features built into the operating system of a logon computer is provided. Initially, an administrator establishes user accounts for each user with an operating system executing at the logon computer with access to application resources. When the application program starts executing at the front-end computer, the application program prompts the user for credentials. The application program attempts to access resources managed by the logon computer using the received credentials. When access to a resource is successful, the application program knows that the logon computer has authenticated the user and the user is authorized to access the resource. In this manner, the application program can take advantage of the security features built into the operating system executing at the logon computer to authenticate users of the application program and authorize access to application resources.

41 Citations

View as Search Results

20 Claims

1. A method for authenticating a user of an application executing at a front-end computer, the method comprising:
- under control of a logon computer,establishing an account for the user with an operating system executing on the logon computer, the account specifying credentials of the user that are available to the user, the credentials for authenticating access by the user to the account of the operating system; and
  
  granting the user access rights to one or more application resources wherein the operating system manages access to the resource; and
  
  under control of the front-end computer,receiving credentials from the user;
  
  sending a request to access the application resource managed by the logon computer using the received credentialsreceiving an indication of whether the resource was successfully accessed using the received credentials; and
  
  when the indication indicates that the resource was accessed successfully, indicating that the user is authenticated and authorized to access the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 including:
    - under control of the logon computer,upon receiving a request to access the resource,requesting the operating system to access the resource using the credentials of a received request; and
      
      sending the indication of whether the requested access was successful.
  - 3. The method of claim 2 including:
    - under control of an intermediary computer,upon receiving from the front-end computer the request to authenticate the user,sending the request to the logon computer;
      
      receiving from the logon computer the indication of whether the requested access was successful;
      
      storing the indication of whether the requested access was successful; and
      
      sending to the front-end computer the indication.
  - 4. The method of claim 1 wherein the resource is a database located at the logon computer.
  - 5. The method of claim 1 wherein the resource is one or more files located at the logon computer.
  - 6. The method of claim 4 wherein the request to authenticate the user is a request to open a connection to the database located at the logon computer.
  - 7. The method of claim 1 wherein the operating system executing at the logon computer is a version of the MICROSOFT WINDOWS operating system.
  - 8. The method of claim 1 wherein sending a request to authenticate the user includes:
    - sending a logon request;
      
      receiving a token; and
      
      sending a request to access the resource using the received token.

9. A computer-readable storage medium containing instructions for authenticating a user of an application executing at a front-end computer by a method, the method comprising:
- prompting the user to enter credentials at the front-end computer, the credentials for accessing a user account established with an operating system executing at a logon computer, the user account having rights to access a database at the logon computer, and wherein the operating system executing at the logon computer manages access to the database;
  
  receiving credentials from the user;
  
  sending a request for a token, the request including the received credentials;
  
  receiving a token without an indication of whether the token is valid, the token generated by the operating system executing at the logon computer using the received credentials;
  
  storing the token at the front-end computer;
  
  sending a request to open a connection to the database using the token;
  
  receiving an indication of whether a connection to the database was opened successfully using the token, the indication generated by the operating system executing at the logon computer; and
  
  when the indication indicates that a connection to the database was opened successfully, indicating that the user is authenticated for the purpose of accessing the database.
- View Dependent Claims (10, 11, 12)
- - 10. The computer-readable storage medium of claim 9 wherein the operating system executing at the logon computer is a version of the MICROSOFT WINDOWS operating system.
  - 11. The computer-readable storage medium of claim 9 further comprising:
    - sending a request to access the database using the token; and
      
      receiving an indication of whether access was successfully granted using the token, the indication generated by the operating system executing at the logon computer.
  - 12. The computer-readable storage medium of claim 9 further comprising:
    - in response to authenticating the user, displaying a user interface of the application to the user.

13. A method in a logon computer for authenticating a user of an application executing at a front-end computer, the logon computer executing an operating system that manages access to a resource, the method comprising:
- establishing a user account for the user with the operating system, the user account specifying credentials for authenticating access to the user account with rights to access a resource managed by the operating system;
  
  receiving a request to authenticate the user, the request including credentials of the user;
  
  attempting to access the resource using the credentials; and
  
  sending an indication of whether the resource was successfully accessed using the received credentials,so that the application can authenticate the user based on whether the operating system indicates that access to the resource using the received credentials was successful.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein the indication of whether the resource was successfully accessed using the received credentials is successful is sent to the front-end computer.
  - 15. The method of claim 13 wherein the indication of whether the resource was successfully accessed using the received credentials is successful is sent to an intermediary computer.
  - 16. The method of claim 15 wherein access to a second resource is managed at the intermediary computer.
  - 17. The method of claim 13 wherein the operating system executing at the logon computer is a version of the MICROSOFT WINDOWS operating system.
  - 18. The method of claim 13 wherein receiving a request to authenticate the user includes:
    - receiving a logon request;
      
      sending a token; and
      
      receiving a request to access the resource, the request including the token.
  - 19. The method of claim 13 further comprising:
    - authorizing access to the resource based on whether the operating system indicates that access to the resource using the received credentials was successful.
  - 20. The method of claim 13 wherein the resource is a database and the request to authenticate the user is a request to open a connection to the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sanscartier, Benoit, Shah, Mehul Y.

Granted Patent

US 8,533,797 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/08   for authentication of entit...

H04L 9/3234   involving additional secure...

USING WINDOWS AUTHENTICATION IN A WORKGROUP TO MANAGE APPLICATION USERS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USING WINDOWS AUTHENTICATION IN A WORKGROUP TO MANAGE APPLICATION USERS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links