Web Interface vs StoreFront logon process

/, XenDesktop/Web Interface vs StoreFront logon process

Web Interface vs StoreFront logon process

Share this post

The user logon workflow (logon process) in StoreFront is different to Web Interface. The detailed description of the logon process is shown in Table 1.

Figure 1

Figure 1

StepWeb InterfaceStoreFront
1User enters username and password. This is sent to the Web Interface server.User enters username and password. This is sent to the StoreFront server.
2The authentication service of StoreFront fetches the user credentials and validates them with a domain controller. StoreFront servers must reside either within the Active Directory domain containing the user accounts or within a domain that has a trust relationship with the user accounts domain. All the StoreFront servers in a group must reside within the same domain.
3StoreFront checks the data store for existing user subscriptions and stores them in memory.
4Web Interface forwards the user credentials as part of a XML query to XenApp or XenDesktop sequentially. In this case, the credentials are sent to the XenDesktop Controller which is the sole resource configured. StoreFront forwards the user credentials as part of a XML query to the backend systems, such as XenApp, XenDesktop, App Controller or VDI-in-a-Box sequentially. In this case the credentials are sent to the XenDesktop Controller which is the sole resource configured.
5The XenDesktop Controller validates the user credentials with a domain controller.
6After a successful validation the XenDesktop Controller checks which resources have been published to this user within its database.
7The XenDesktop Controller sends an XML response to Web Interface / StoreFront which contains all resources available for the user from the XenDesktop site.
8Web Interface displays the available resources.StoreFront sends the list of available resources including the existing subscriptions to the Citrix Receiver installed locally or displays them in Receiver for Web.
9Now the user can start a resource.

 

By | 2016-12-18T19:21:35+00:00 April 18th, 2014|StoreFront, XenDesktop|8 Comments

About the Author:

I’m a Citrix Architect with 17 years experience in Microsoft and Citrix infrastructure. I have been working with Citrix since Metaframe 1.8 and my primary focus is on Server, Desktop and Application virtualisation with a preference for Citrix products. I’m an enthusiast of Citrix XenDesktop and Provisioning Server.

8 Comments

  1. Riccardo May 22, 2014 at 6:31 am - Reply

    Do you know if is possible to use Receiver 4.1 with webinterface?
    Thanks,
    Riccardo

    • Andrzej Gołębiowski May 22, 2014 at 10:36 am - Reply

      I tested Receiver 4.1 with webinterface 5.4 and in documentation only this version is mentioned.
      I haven’t tried to use it with lower versions.

      Hope this helps.
      Andrzej

    • Xencerra March 24, 2015 at 6:02 pm - Reply

      Yes Riccardo, Works fine without any problem, I used Citrix Receiver with web interface 5.4 and lower.

      Regards…

  2. Koushik March 25, 2015 at 6:11 pm - Reply

    Hi,
    Any reason why there are 2 times authentication taking place.. Step 2 “The authentication service of StoreFront fetches the user credentials and validates them with a domain controller” Again in step 5 the “xendesktop controller validates the user credentials with the domain controller”.
    Any reason behind this?

    Thanks,
    Koushik

  3. Kannan July 5, 2015 at 6:42 am - Reply

    Hi Andrzej,

    I have been reading your blogs for a long time. I was impressed by your article explaining ” Multistream ICA”.

    I am new to Citrix Xenapp 7.6 and trying to understand the work flow. I am a Xenapp admin and have no exposure to Xendesktops. Can you help me please ? I have been searching articles related to it but in vain.

  4. Rahul November 17, 2015 at 6:17 pm - Reply

    Hi Andrzej,

    I have the same question “why there are 2 times authentication taking place.. Step 2 “The authentication service of StoreFront fetches the user credentials and validates them with a domain controller” Again in step 5 the “xendesktop controller validates the user credentials with the domain controller”.

    Regards
    Rahul

    • HANSEL DSOUZA March 18, 2016 at 11:58 pm - Reply

      Hi Rahul, the difference between the 2 is this: Storefront takes the user credentials (during initial login) and it’s authentication service communicates with a Domain Controller & AUTHENTICATES it. Once Authenticated, Storefront then passes the information to a Delivery Controller, via an XML query. The Delivery Controller takes this and VERIFIES details with a Domain Controller. This step is Not authentication, as here the policies and membership of the authenticated user is checked and verified. Hope this clears things for you.

Leave A Comment

To protect our website from spam. * Time limit is exhausted. Please reload the CAPTCHA.