This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!
Principal
A principal is a user or an agent that is acting on the user's behalf. NGWS runtime role-based security has support for three kinds of principals: unauthenticated, Windows, and custom principals.
- Generic principals represent unauthenticated users and the roles available to them.
- Windows principals represent Windows users and the roles (or the Windows NT/Windows 2000 groups) they are in. A Windows principal can impersonate another user, which means the principal can access a resource on a user's behalf while presenting the identity that belongs to that user.
- Custom principals can be defined by an application in whatever way that is needed for that particular application. They can extend the basic notion of the identity and the roles that the principal is in. However, the application must provide an authentication module and types that implement the principal.