Desktop clients authentication

The TLS 1.2 protocol is being used.

Desktop clients work with .NET WCF with Windows Authentication which internally uses the Kerberos protocol.

More details can be found here:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc772815(v=ws.10)?redirectedfrom=MSDN

The following link describes .NET WCF transport security with Windows Authentication:

https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-windows-authentication

The communication utilizes the transport security mode which is described in the following link:

https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-overview#nettcpbinding

Please note that "If you are using Windows security, a certificate is not required."



Web Console authentication

The Web Console uses Integrated Windows Authentication which is the preferred approach to authentication whenever users are part of the same Windows domain as the server. Users are authenticated against an existing identity store such as Active Directory, and their credentials are not transmitted across the Internet. 

The following link describes the Windows Authentication HTTP request flow in IIS:

https://techcommunity.microsoft.com/t5/IIS-Support-Blog/Windows-Authentication-HTTP-Request-Flow-in-IIS/ba-p/324645

The session after the initial negotiation is handled securely by the Web browser and the Web server.