Improving the Logon Architecture

When a user logs on to Windows, they are given access to local resources and, in Active Directory environments, network resources. Today, companies are asking for more than just a username and password. They require multifactor authentication that uses both a password and a smart card, biometric identification, or a one-time password token. With Windows XP and earlier versions, implementing custom authentication methods required developers to rewrite the Graphical Identification and Authentication (GINA) interface. In addition, Windows XP only supported one GINA at a time.

When Windows Vista was on the drawing board, much effort went into redesigning the logon architecture. The logon architecture is the grouping of systems and subsystems that allow you to log on to your workstation. With Windows Vista, the new logon architecture provides enhanced security benefits. Besides offering an improved, stable, and more reliable logon experience, Microsoft has completely rewritten the logon architecture to ensure any services or functions not directly related to the logon process are now removed and used in other subsystems within Windows Vista.

The logon architecture has been designed to facilitate more secure forms of authentication, such as smart cards and/or biometrics, to name a few. With this redevelopment, Microsoft made sure there was a stronger level of security that could be used when a user logged on to a system. Because the logon architecture has been extended to meet new security demands, developers can now easily work with new credential types by using the new Credential...