An enterprise may use a virtual private network (VPN) to protect one or more network resource. To access these VPN-protected resources through a web browser, a VPN gateway or other security device requires a remote user to supply credentials, e.g., a username and password. After the user supplies the credentials, the VPN gateway authenticates the user and establishes a secure session between the web browser and the VPN gateway.
Subsequently, the user may use the web browser to access the VPN-protected resources. In some instances, a resource may be associated with a network-enabled software application other than the web browser. In such an instance, the web browser may automatically launch the corresponding software application on the client device. As one example, if when using the web browser the user requests access to a document created in Word by Microsoft Corporation®, the web browser may automatically launch automatically launch Microsoft Word on the client device.
In many instances, the web browser launches the software application on the client device external to the secure session, i.e., external to the web browser. In this situation, the VPN gateway may demand that the user supply a username and password before allowing the network-enabled external application to access the VPN-protected resource. Thus, these solutions may require the user to reenter the username and password at least once for each external application launched from the web browser or other application.
In other prior art solutions the web browser creates a “persistent cookie” that may be shared across all software applications executing on the client device. In this approach the external applications access the “persistent cookie” to retrieve the username, password, and other credential information needed to establish a VPN connection between the external application and the VPN gateway. In this manner, the user is not forced to reenter his or her security credentials. However, these approaches present security issues because a malicious software application could access the credentials stored in the persistent cookie and establish a VPN connection surreptitiously.