To use authenticated RPC, a client passes its user security information to the run-time library. This security information is called the client credentials. The client run-time library forwards the credentials to the server run-time library which then passes it to the relevant security provider for verification. (In this version of Microsoft RPC, the NT Security Service is the only supported security provider. Other security providers may be added in the future.) When a call is made, the security provider ensures that the credentials are valid. If so, the server stub is called and the call proceeds. Otherwise, the client is denied access and the call fails.
Authenticated RPC involves a series of tasks performed by all servers every time a client tries to connect. The server must: