
AuthenticateAsServer/AuthenticateAsClient ProtectionLevel and iden

Author
9 Feb 2006 7:21 AM
Brian
I am using AuthenticateAsServer and AuthenticateAsClient between a TCPClient
and TCPListener on two different XP Pro PC's running under a workgroup. 
1.  The server throws the following exception if ProtectionLevel is set to
EncryptAndSign on both PC's.  'A security requirement was not fulfilled
during authentication. Required: Sign, negotiated: EncryptAndSign.' 
Everything works fine if the ProtectionLevel is set to Sign.
2.  The server always authenticates the client as Guest.
Could someone please tell me what I'm missing or doing wrong?  Is an
SSLStream required in order to use the ProtectionLevel.EncryptAndSign?
Thanks

Author
9 Feb 2006 7:28 AM
Dominick Baier [DevelopMentor]
Hi,

that's a credential problem

a) client and server need mirrored accounts (same username/password on both
machines)
b) or you have to pass a NetworkCredential to AuthenticateAsClient


NetworkCredential cred = new NetworkCredential("user", "password", "machine");
negotiateStream.AuthenticateAsClient(cred, string.Empty);

http://www.leastprivilege.com/NegotiateStreamAndNTLM.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Author
9 Feb 2006 4:06 PM
Brian
I probably should have included some code.  I am using NetworkCredential.
However, I am probably not using it correctly.  TestLogin is an account on
the Server.  I have tried various user name/password combinations.  Below is a
code sample.

        public void AuthenticationRequest()
        {
            try
            {
                NetworkCredential cred = new NetworkCredential(@"TestLogin", "testlogin", "");

                NegotiateStream authStream = new NegotiateStream(_networkStream, true);
                authStream.AuthenticateAsClient(cred, String.Empty,
                    ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);
                Debugger.Break();
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
                Debugger.Break();
            }
            byte[] message = Encoding.UTF8.GetBytes("Hello from the client.");
        }

        public void AuthenticateClient()
        {
            NegotiateStream authStream = new NegotiateStream(_networkStream, true);
            // Listen for the client authentication request.
            try
            {
                NetworkCredential cred = (NetworkCredential)CredentialCache.DefaultCredentials;
                authStream.AuthenticateAsServer(cred,
                    ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.None);
            }
            catch (AuthenticationException e)
            {
                Debugger.Break();
                return;
            }
            catch (Exception e)
            {
                Debugger.Break();
                return;
            }
            // Display properties of the authenticated client.
            IIdentity id = authStream.RemoteIdentity;
            Debug.WriteLine(String.Format("{0} was authenticated using {1}.", id.Name, id.AuthenticationType));
            // Finished with the current client.
            authStream.Close();
        }

AuthenticationRequest() is called on the client and AuthenticateClient() is
called on the server.
Author
9 Feb 2006 5:20 PM
Dominick Baier [DevelopMentor]
Hi,

you are not specifying the machine name in the NetworkCredential you create...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Author
10 Feb 2006 5:21 AM
Brian
That did not help.  I wrote a sample program so that I can change the
username, password, machine name, protection level, and impersonation at will.
Same result.  I've tried all possible combinations with the same result.  Could
I have something set incorrectly in the XP OS that is causing this?

Author
10 Feb 2006 7:38 AM
Dominick Baier [DevelopMentor]
Hi,

I think the Sign/Encrypt settings are a secondary problem - you first have
to get rid of the 'guest' login.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Author
10 Feb 2006 4:26 PM
Brian
Here is what I have tried.
-- Client PC existing user account operating under account Brian
Visual Studio 2003 and 2005
OS:'XP Pro' Machine Name:'development' User Name:'Brian'
Password:'mypassword'
-- Server PC existing user account operating under account Brian
OS:'XP Pro' Machine Name:'dualtest' User Name:'Brian' Password:'mypassword'.
Visual Studio 2005.
Both machines operate outside of a domain behind a firewall and neither is a
virtual pc.

Listed below are the various NetworkCredential settings I have tried.  I
always get logged in as guest.
1. 
- Client  - NetworkCredential(@"Brian","mypassword", "development");
- Server - NetworkCredential(@"Brian","mypassword", "dualtest");
2. 
- Client  - NetworkCredential(@"Brian","mypassword", "dualtest");
- Server - NetworkCredential(@"Brian","mypassword", "dualtest");
3. 
- Client  - NetworkCredential(@"Brian","mypassword", "development");
- Server - NetworkCredential(@"Brian","mypassword", "development");
4. 
- Client  - NetworkCredential(@"Brian","mypassword", "dualtest");
- Server - NetworkCredential(@"Brian","mypassword", "development");

Anyway, if I can't lick this one I'll try another approach.  Thanks for your
help.
Brian

Author
10 Feb 2006 4:43 PM
Dominick Baier [DevelopMentor]
hi,

not sure what's wrong - this works for me

client:

.....

    negotiateStream = new NegotiateStream(client.GetStream());

    // this is a valid account on the server machine
    NetworkCredential cred = new NetworkCredential("user", "xxx", "server");
    negotiateStream.AuthenticateAsClient(cred, string.Empty);

    if (negotiateStream.IsAuthenticated)
    {
        Console.WriteLine(
            "IsAuthenticated: {0}",
            negotiateStream.IsAuthenticated);
        Console.WriteLine(
            "IsMutuallyAuthenticated: {0}",
            negotiateStream.IsMutuallyAuthenticated);
        Console.WriteLine(
            "IsEncrypted: {0}",
            negotiateStream.IsEncrypted);
        Console.WriteLine(
            "IsSigned: {0}",
            negotiateStream.IsSigned);
        Console.WriteLine(
            "IsServer: {0}",
            negotiateStream.IsServer);
    }

server:

    TcpClient client = server.AcceptTcpClient();
    Console.WriteLine("Connected!");

    data = null;

    // Get a stream object for reading and writing
    // Wrap it in a NegotiateStream.
    negotiateStream = new NegotiateStream(client.GetStream());
    negotiateStream.AuthenticateAsServer();

    if (negotiateStream.IsAuthenticated)
    {
        Console.WriteLine(
            "IsAuthenticated: {0}",
            negotiateStream.IsAuthenticated);
        Console.WriteLine(
            "IsMutuallyAuthenticated: {0}",
            negotiateStream.IsMutuallyAuthenticated);
        Console.WriteLine(
            "IsEncrypted: {0}",
            negotiateStream.IsEncrypted);
        Console.WriteLine(
            "IsSigned: {0}",
            negotiateStream.IsSigned);
        Console.WriteLine(
            "IsServer: {0}",
            negotiateStream.IsServer);
        IIdentity remoteIdentity =
            negotiateStream.RemoteIdentity;
        Console.WriteLine(
            "Client identity: {0}",
            remoteIdentity.Name);
        Console.WriteLine(
            "Authentication Type: {0}",
            remoteIdentity.AuthenticationType);
    }

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Author
22 Feb 2006 7:38 AM
Fred
Try to disable simple sharing on the machines.

Reg. Fred
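
A server-side guard for the symptom discussed in this thread, as an added example that is not code from any poster: it reads the `forceguest` LSA value that XP's simple file sharing sets, and it refuses any NegotiateStream session that is unsigned, unencrypted, or mapped to Guest or anonymous. The class name, method names and port 11000 are assumptions made for the example.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;
using Microsoft.Win32;

// Hypothetical helper class; names and the port number are assumptions.
static class NegotiateServerChecks
{
    // XP "simple file sharing" is the LSA policy "Network access: Sharing and
    // security model for local accounts" set to "Guest only". It is stored as
    // DWORD forceguest = 1; network logons that use local accounts are then
    // authenticated as Guest, whatever credentials the client supplied.
    const string LsaKey = @"SYSTEM\CurrentControlSet\Control\Lsa";

    public static bool IsForceGuestEnabled()
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(LsaKey))
        {
            object value = (key == null) ? null : key.GetValue("forceguest");
            return value is int && (int)value == 1;
        }
    }

    // Authenticates the caller and returns the stream only if the session is
    // signed, encrypted and bound to a real (non-Guest, non-anonymous) account.
    public static NegotiateStream AcceptAuthenticated(TcpClient client)
    {
        NegotiateStream stream = new NegotiateStream(client.GetStream(), false);
        try
        {
            stream.AuthenticateAsServer(
                CredentialCache.DefaultNetworkCredentials,
                ProtectionLevel.EncryptAndSign,
                TokenImpersonationLevel.Identification);

            if (!stream.IsAuthenticated || !stream.IsSigned || !stream.IsEncrypted)
                throw new AuthenticationException("Session is not signed and encrypted.");

            WindowsIdentity id = stream.RemoteIdentity as WindowsIdentity;
            if (id == null || id.IsAnonymous || id.IsGuest)
                throw new AuthenticationException(
                    "Caller was mapped to Guest or anonymous; refusing the session.");

            return stream;
        }
        catch
        {
            stream.Dispose(); // also closes the underlying network stream
            throw;
        }
    }

    static void Main()
    {
        if (IsForceGuestEnabled())
            Console.Error.WriteLine(
                "forceguest=1: network logons with local accounts will arrive as Guest.");

        TcpListener listener = new TcpListener(IPAddress.Any, 11000); // assumed port
        listener.Start();
        while (true)
        {
            using (TcpClient client = listener.AcceptTcpClient())
            {
                try
                {
                    using (NegotiateStream s = AcceptAuthenticated(client))
                        Console.WriteLine("Accepted {0} via {1}",
                            s.RemoteIdentity.Name, s.RemoteIdentity.AuthenticationType);
                }
                catch (Exception ex) // AuthenticationException, IOException, ...
                {
                    Console.Error.WriteLine("Rejected connection: " + ex.Message);
                }
            }
        }
    }
}
```

Treating a Guest-mapped identity as an authentication failure keeps a misconfigured host from silently accepting callers under an account that carries no real identity.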