Method for enabling a web server running a “closed” native operating system to impersonate a user of a web client to obtain a protected file
Abstract
A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. The method preferably operates within the context of a native operating system environment such as “Windows NT”. Upon initialization of the Web server, a session manager creates a pool of temporary Windows NT user identities. In response to a Web client browser request, a temporary NT user identity is associated with proper DCE credentials. A server process then impersonates the returned NT user identity on a thread which is attempting to access the requested resource.
Claims (35)
1. A method of enabling a server supporting a closed native operating system to impersonate a user of a client to obtain a resource located in a file system of a distributed computer environment, the distributed computer environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:

in response to a request from the user to access the resource, obtaining a credential from the security service;
associating the credential to a temporary operating system user identifier selected from a pool of such identifiers; and
having the server use the temporary operating system user identifier to assume the user's identity to service the request.

prompting the user to enter a userid and password associated with the distributed computing environment; and
using the userid and password to obtain the credential.
7. The method as described in claim 1 further including the step of creating the pool of temporary operating system user identifiers.

8. The method as described in claim 7 wherein the associating step includes the steps of:

selecting an unused temporary operating system user identifier from the pool; and
identifying the selected temporary operating system user identifier as in use.

9. The method as described in claim 8 further including the step of returning the selected temporary operating system identifier back to the pool after the request is serviced.
10. A method of enabling a Web server to impersonate a user of a client to obtain a Web document located in a distributed file system of a distributed computer environment, the client and server supporting a closed native operating system, and the distributed computer environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:

creating a pool of temporary native operating system user identifiers;
in response to a request from the user to access the Web document, obtaining a credential from the security service;
associating the credential to a temporary native operating system user identifier selected from a pool; and
having the Web server use the temporary native operating system user identifier to assume the user's identity to service the request.

adding a key to a registry of the native operating system identifying a name of the temporary native operating system user; and
adding a value to the registry representing a path to a file supporting the credential.
12. The method as described in claim 11 wherein the closed native operating system is Windows NT.

13. The method as described in claim 12 wherein the distributed file system is Open Group Distributed File Services (DFS).

14. The method as described in claim 10 wherein the step of obtaining the credential includes the steps of:

prompting the user to enter a userid and password associated with the distributed computing environment; and
performing a programmatic login to the security service using the userid and password to obtain the credential.

15. The method as described in claim 10 wherein the associating step includes the steps of:

selecting an unused temporary native operating system user identifier from the pool; and
identifying the selected temporary native operating system user identifier as in use.

16. The method as described in claim 15 further including the step of returning the selected temporary native operating system user identifier back to the pool after the request is serviced.
17. A method of enabling a Web server supporting a closed native operating system to impersonate a user of a client to obtain a Web document located in a distributed file system of a distributed computer environment, the distributed computer environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising the steps of:

in response to a request from the user to access the Web document, setting up a temporary user identity with a credential; and
having the Web server use the temporary user identity to assume the user's identity to service the request.

prompting the user to enter a userid and password associated with the distributed computing environment;
performing a login to the security service using the userid and password to obtain the credential;
selecting an unused user identity from a pool of temporary user identities;
identifying the selected user identity as in use;
adding a key to a registry which identifies the temporary user identity; and
adding a value to the registry specifying a path to a file supporting the credential.

19. The method as described in claim 18 further including the step of returning the selected user identity back to the pool after the request is serviced.
20. A method of impersonating a user identity, comprising the steps of:

creating a pool of userids for a first operating system for use by a managing process;
selecting a userid from the pool and marking the userid as in use;
creating a credential file for a first process;
adding the selected userid to a registry of userids for the first operating system;
associating the selected userid to the credential file; and
using the selected userid and the credential file to impersonate a user identity in the first operating system.
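The bookkeeping recited in the abstract and in claims 7 to 9, 11, 18 and 20 (a pool of temporary identities created at start-up, an unused one selected and marked in use, the temporary user name bound to a credential file through a registry entry, the identity returned to the pool after the request), modelled as an added example. This is not code from the patent or its assignee. The Windows NT and DCE calls (the NT logon and thread impersonation, the DCE login, the registry writes) are stood in for by plain Python so the model runs offline, and every user, password, credential path, identity name and ACL entry below is a constructed assumption. The model also shows the two failure modes a practitioner would want handled: an exhausted pool is refused rather than served under the server's own account, and the registry binding is cleared before an identity is reused so a later request cannot inherit another user's credential.

```python
"""Model of the session manager's temporary-identity pool (added illustration, not
the patent's code). NT and DCE calls are stood in for by plain Python; every name,
path, user and ACL here is an assumption constructed for the example."""
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed stand-ins for the DCE security service and the DFS ACLs.
SECURITY_SERVICE = {"alice": "s3cret", "bob": "hunter2"}
DFS_ACL = {"/.:/fs/plans/q3.txt": {"alice"}, "/.:/fs/public/index.html": {"alice", "bob"}}
CRED_OWNER: Dict[str, str] = {}  # credential file path -> principal it was issued to


class PoolExhausted(Exception):
    """Every temporary identity is in use; the request has to be refused."""


@dataclass
class TempIdentity:
    name: str
    in_use: bool = False
    credential_path: Optional[str] = None


class SessionManager:
    """Creates the pool at server start and lends identities to request threads."""

    def __init__(self, pool_size: int = 4, prefix: str = "DCETMP") -> None:
        self._lock = threading.Lock()
        self._pool = [TempIdentity(f"{prefix}{i:03d}") for i in range(pool_size)]
        # Models the registry key (temporary user name) and value (credential path).
        self.registry: Dict[str, str] = {}

    def acquire(self, credential_path: str) -> TempIdentity:
        """Select an unused identity, mark it in use and bind it to the credential."""
        with self._lock:
            for ident in self._pool:
                if not ident.in_use:
                    ident.in_use = True
                    ident.credential_path = credential_path
                    self.registry[ident.name] = credential_path
                    return ident
        raise PoolExhausted("no free temporary identity")

    def release(self, ident: TempIdentity) -> None:
        """Return the identity to the pool, clearing its credential binding first so a
        later request served under the same temporary name cannot inherit it."""
        with self._lock:
            self.registry.pop(ident.name, None)
            ident.credential_path = None
            ident.in_use = False


def dce_login(userid: str, password: str) -> Optional[str]:
    """Programmatic login; returns the credential file path, or None on failure."""
    if SECURITY_SERVICE.get(userid) != password:
        return None
    path = f"/tmp/dce_creds/{userid}.cred"  # assumed credential file location
    CRED_OWNER[path] = userid
    return path


def serve_request(mgr: SessionManager, userid: str, password: str,
                  document: str) -> Tuple[int, Optional[str]]:
    """One browser request: log in, borrow an identity, decide access as that user, return it."""
    cred = dce_login(userid, password)
    if cred is None:
        return 401, None
    try:
        ident = mgr.acquire(cred)
    except PoolExhausted:
        return 503, None  # refuse rather than fall back to the server's own account
    try:
        # The thread now runs as `ident` (a real plug-in would impersonate it here);
        # access is decided by the principal the registry maps that identity to.
        principal = CRED_OWNER[mgr.registry[ident.name]]
        return (200 if principal in DFS_ACL.get(document, set()) else 403), ident.name
    finally:
        mgr.release(ident)


def concurrent_identities(mgr: SessionManager, n: int) -> List[str]:
    """Hold n identities at once and report which name each request was given."""
    if n > len(mgr._pool):
        raise ValueError("more concurrent requests than identities in the pool")
    barrier, names, guard = threading.Barrier(n), [], threading.Lock()

    def worker() -> None:
        ident = mgr.acquire(dce_login("alice", "s3cret"))
        with guard:
            names.append(ident.name)
        barrier.wait()  # keep the identity until every request holds one
        mgr.release(ident)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(names)


if __name__ == "__main__":
    mgr = SessionManager(pool_size=2)
    print(serve_request(mgr, "alice", "s3cret", "/.:/fs/plans/q3.txt"))  # (200, 'DCETMP000')
    print(serve_request(mgr, "bob", "hunter2", "/.:/fs/plans/q3.txt"))   # (403, 'DCETMP000')
    print(concurrent_identities(mgr, 2))                                  # ['DCETMP000', 'DCETMP001']
```

The point of the pool lock and the in-use flag is visible in `concurrent_identities`: two requests served at the same time must land on different temporary identities, otherwise two users' credentials would be bound to one NT account. The size of the pool bounds the number of simultaneous impersonated requests, so a deployment has to choose it against expected concurrency and decide what a 503 on exhaustion means for its clients.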
21. A computer program product in a computer readable medium for use in obtaining a protected file in a computer network having a client and a server each of which support a closed native operating system, the server connectable to a file system of a distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, the computer program product comprising:

means, responsive to a service request from a user of a process on the client, for associating a temporary closed native operating system user identity with a credential returned from the security service; and
means for controlling the server to use the temporary closed native operating system user identity to assume the user's identity to service the request.
28. A computer program product for enabling a Web server supporting a closed native operating system to impersonate a user of a client to obtain a Web document located in a distributed file system of a distributed computer environment, the distributed computer environment including a security service for returning a credential to a user authenticated to access the distributed file system, the computer program product comprising:

means for creating a pool of temporary user identities;
means responsive to a request from a user of a browser of the Web client for prompting the user to enter a userid and password associated with the distributed computing environment;
means for performing a login to the security service using the userid and password to obtain a credential;
means for selecting an unused user identity from the pool of temporary user identities;
means for identifying the selected user identity as in use;
means for adding a key to a registry identifying the temporary user identity;
means for adding a value to the registry specifying a path to a file supporting the credential; and
means for returning the selected user identity back to the pool after the request is serviced.
29. A computer connectable to a distributed computing environment including a security service for returning a credential to a user authenticated to access the distributed file system, comprising:

a processor;
a closed native operating system;
a Web server program for providing World Wide Web information retrieval to Web clients connectable to the Web server program via a computer network;
a server plug-in for authenticating Web clients to the Web server program, comprising:
means, responsive to a service request from a user of a browser on the Web client, for associating a temporary native operating system user identity with a credential returned from the security service; and
means for controlling the Web server to use the temporary native operating system user identity to assume the user's identity to service the request.