Once the user enters the credentials the authentication service of StoreFront fetches the user credentials and validates them with a domain controller. So the StoreFront servers must reside either within the Active Directory domain containing the user accounts or within a domain that has a trust relationship with the user accounts domain.
StoreFront checks the Datastore for existing user subscriptions and stores them in memory.
The Web Interface / StoreFront forwards the user credentials as part of a XML query to the backend systems, such as XenApp, XenDesktop, App Controller or VDI-in-a-Box sequentially.
The Citrix Delivery Controller validates the user credentials with a domain controller and checks which resources have been published to the user within its database.
The Citrix Delivery Controller sends an XML response to Web Interface / StoreFront which contains all resources available for the user from the Citrix site.
StoreFront sends the list of available resources and the existing subscriptions to the Citrix Receiver installed locally or displays them in Receiver for Web and the user can access the resource.
StoreFront 2.5 supports parallel resource enumeration. When enabled, StoreFront sends out enumeration requests to all farms/sites at the same time and aggregates responses when all farms/sites have responded. This should provide faster responses to user queries when aggregating multiple farms/sites. If explicit Active Directory credentials are used to authenticate users, StoreFront sends user credentials to the XenApp farms/XenDesktop sites. To minimize the risk of user accounts being locked out as a result of parallel enumeration, StoreFront validates user credentials with Active Directory immediately before sending out enumeration requests.
When user clicks on an application or desktop icon to launch it in Citrix website, a spinner is displayed and any clicks on the same icon are ignored while the spinner is spinning. Hence user cannot unintentionally launch multiple instances of the same application/desktop. The default time period for the spinner is fixed for three seconds and can be changed by editing custom.script.js in the contrib folder under the Receiver for Web site.