
.NET Forum / .NET Framework / Security / February 2006


AuthenticateAsServer/AuthenticateAsClient ProtectionLevel and iden

Brian - 09 Feb 2006 07:21 GMT
I am using AuthenticateAsServer and AuthenticateAsClient between a TCPClient
and TCPListener on two different XP Pro PCs running under a workgroup.
1.  The server throws the following exception if ProtectionLevel is set to
EncryptAndSign on both PCs:  'A security requirement was not fulfilled
during authentication. Required: Sign, negotiated: EncryptAndSign.'
Everything works fine if the ProtectionLevel is set to Sign.
2.  The server always authenticates the client as Guest.
Could someone please tell me what I'm missing or doing wrong?  Is an
SSLStream required in order to use the ProtectionLevel.EncryptAndSign?
Thanks
Dominick Baier [DevelopMentor] - 09 Feb 2006 07:28 GMT
Hi,

that's a credential problem

a) client and server need mirrored accounts (same username/password on both
machines)
b) or you have to pass a NetworkCredential to AuthenticateAsClient

NetworkCredential cred = new NetworkCredential("user", "password", "machine");
negotiateStream.AuthenticateAsClient(cred, string.Empty);

http://www.leastprivilege.com/NegotiateStreamAndNTLM.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I am using AuthenticateAsServer and AuthenticateAsClient between a
> TCPClient
[quoted text clipped - 10 lines]
> SSLStream required in order to use the ProtectionLevel.EncryptAndSign
> Thanks
Brian - 09 Feb 2006 16:06 GMT
I probably should have included some code.  I am using NetworkCredential.
However, I am probably not using it correctly.  TestLogin is an account on
the Server.  I have tried various user name/password combinations.  Below is a
code sample.

    public void AuthenticationRequest()
    {
        try
        {
            NetworkCredential cred = new NetworkCredential(@"TestLogin", "testlogin", "");

            NegotiateStream authStream = new NegotiateStream(_networkStream, true);
            authStream.AuthenticateAsClient(cred, String.Empty,
                ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);
            Debugger.Break();
        }
        catch (Exception ex)
        {
            Debug.WriteLine(ex.Message);
            Debugger.Break();
        }
        byte[] message = Encoding.UTF8.GetBytes("Hello from the client.");
    }

    public void AuthenticateClient()
    {
        NegotiateStream authStream = new NegotiateStream(_networkStream, true);
        // Listen for the client authentication request.
        try
        {
            NetworkCredential cred = (NetworkCredential)CredentialCache.DefaultCredentials;
            authStream.AuthenticateAsServer(cred,
                ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.None);
        }
        catch (AuthenticationException e)
        {
            Debugger.Break();
            return;
        }
        catch (Exception e)
        {
            Debugger.Break();
            return;
        }
        // Display properties of the authenticated client.
        IIdentity id = authStream.RemoteIdentity;
        Debug.WriteLine(String.Format("{0} was authenticated using {1}.", id.Name, id.AuthenticationType));
        // Finished with the current client.
        authStream.Close();
    }

AuthenticationRequest() is called on the client and AuthenticateClient() is
called on the server.

> Hi,
>
[quoted text clipped - 27 lines]
> > SSLStream required in order to use the ProtectionLevel.EncryptAndSign
> > Thanks
Dominick Baier [DevelopMentor] - 09 Feb 2006 17:20 GMT
Hi,

you are not specifying the machine name in the NetworkCredential you create...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I probably should have included some code.  I am using
> NetworkCredential However, I am probably not using it correctly.
[quoted text clipped - 88 lines]
>>> ProtectionLevel.EncryptAndSign
>>> Thanks
Brian - 10 Feb 2006 05:21 GMT
That did not help.  I wrote a sample program so that I can change the
username, password, machine name, protection level, impersonation at will.
Same result.  I've tried all possible combinations with the same result.  Could
I have something set incorrectly in the XP OS that is causing this?

> Hi,
>
[quoted text clipped - 96 lines]
> >>> ProtectionLevel.EncryptAndSign
> >>> Thanks
Dominick Baier [DevelopMentor] - 10 Feb 2006 07:38 GMT
Hi,

I think the Sign/Encrypt settings are a secondary problem - you first have
to get rid of the 'guest' login.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> That did not help.  I wrote a sample program so that I can change the
> username, password, machine name, protection level impersonation at
[quoted text clipped - 104 lines]
>>>>> ProtectionLevel.EncryptAndSign
>>>>> Thanks
Brian - 10 Feb 2006 16:26 GMT
Here is what I have tried.
-- Client PC existing user account operating under account Brian
Visual Studio 2003 and 2005
OS:'XP Pro' Machine Name:'development' User Name:'Brian'
Password:'mypassword'
-- Server PC existing user account operating under account Brian
OS:'XP Pro' Machine Name:'dualtest' User Name:'Brian' Password:'mypassword'.
Visual Studio 2005.
Both machines operate outside of a domain behind a firewall and neither is a
virtual pc.

Listed below are the various NetworkCredential settings I have tried.  I
always get logged in as guest.
1.  
- Client  - NetworkCredential(@"Brian","mypassword", "development");
- Server - NetworkCredential(@"Brian","mypassword", "dualtest");
2.  
- Client  - NetworkCredential(@"Brian","mypassword", "dualtest");
- Server - NetworkCredential(@"Brian","mypassword", "dualtest");
3.  
- Client  - NetworkCredential(@"Brian","mypassword", "development");
- Server - NetworkCredential(@"Brian","mypassword", "development");
4.  
- Client  - NetworkCredential(@"Brian","mypassword", "dualtest");
- Server - NetworkCredential(@"Brian","mypassword", "development");

Anyway, if I can't lick this one I'll try another approach.  Thanks for your
help.
Brian

> Hi,
>
[quoted text clipped - 113 lines]
> >>>>> ProtectionLevel.EncryptAndSign
> >>>>> Thanks
Dominick Baier [DevelopMentor] - 10 Feb 2006 16:43 GMT
Hi,

not sure what's wrong - this works for me

client:

....

negotiateStream = new NegotiateStream(client.GetStream());

// this is a valid account on the server machine
NetworkCredential cred = new NetworkCredential("user", "xxx", "server");
negotiateStream.AuthenticateAsClient(cred, string.Empty);

if (negotiateStream.IsAuthenticated)
{
    Console.WriteLine(
        "IsAuthenticated: {0}",
        negotiateStream.IsAuthenticated);
    Console.WriteLine(
        "IsMutuallyAuthenticated: {0}",
        negotiateStream.IsMutuallyAuthenticated);
    Console.WriteLine(
        "IsEncrypted: {0}",
        negotiateStream.IsEncrypted);
    Console.WriteLine(
        "IsSigned: {0}",
        negotiateStream.IsSigned);
    Console.WriteLine(
        "IsServer: {0}",
        negotiateStream.IsServer);
}

server:

TcpClient client = server.AcceptTcpClient();
Console.WriteLine("Connected!");

data = null;

// Get a stream object for reading and writing
// Wrap it in a NegotiateStream.
negotiateStream = new NegotiateStream(client.GetStream());
negotiateStream.AuthenticateAsServer();

if (negotiateStream.IsAuthenticated)
{
    Console.WriteLine(
        "IsAuthenticated: {0}",
        negotiateStream.IsAuthenticated);
    Console.WriteLine(
        "IsMutuallyAuthenticated: {0}",
        negotiateStream.IsMutuallyAuthenticated);
    Console.WriteLine(
        "IsEncrypted: {0}",
        negotiateStream.IsEncrypted);
    Console.WriteLine(
        "IsSigned: {0}",
        negotiateStream.IsSigned);
    Console.WriteLine(
        "IsServer: {0}",
        negotiateStream.IsServer);
    IIdentity remoteIdentity =
        negotiateStream.RemoteIdentity;
    Console.WriteLine(
        "Client identity: {0}",
        remoteIdentity.Name);
    Console.WriteLine(
        "Authentication Type: {0}",
        remoteIdentity.AuthenticationType);
}

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Here is what I have tried.
>
[quoted text clipped - 137 lines]
>>>>>>> ProtectionLevel.EncryptAndSign
>>>>>>> Thanks
Fred - 22 Feb 2006 07:36 GMT
>I am using AuthenticateAsServer and AuthenticateAsClient between a
>TCPClient
[quoted text clipped - 7 lines]
> SSLStream required in order to use the ProtectionLevel.EncryptAndSign
> Thanks

Try to disable simple sharing on the machines.

Reg. Fred
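
The following C# is an added example, not code from any poster in this thread. It shows a server-side check for the two symptoms discussed above: it rejects a NegotiateStream session whose caller was mapped to Guest or anonymous, or that did not negotiate signing and encryption, and it reports whether the forceguest LSA registry value (the setting behind XP's simple file sharing) is enabled. The class name NegotiateGuard, port 11000 and the message strings are assumptions; Windows only.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;
using Microsoft.Win32;

static class NegotiateGuard  // hypothetical name, not from the thread
{
    // Simple file sharing sets this LSA value to 1, which maps every
    // network logon that uses a local account to Guest.
    public static bool ForceGuestEnabled()
    {
        object v = Registry.GetValue(
            @"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa", "forceguest", 0);
        return v is int && (int)v == 1;
    }

    // Authenticate the caller, then refuse sessions that fell back to
    // Guest/anonymous or that did not negotiate signing and encryption.
    public static WindowsIdentity AcceptClient(TcpClient client)
    {
        NegotiateStream ns = new NegotiateStream(client.GetStream(), false);
        ns.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
            ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Identification);

        WindowsIdentity id = ns.RemoteIdentity as WindowsIdentity;
        if (id == null || id.IsGuest || id.IsAnonymous)
            throw new AuthenticationException("Caller mapped to Guest or anonymous"
                + (ForceGuestEnabled() ? " (forceguest=1 on this machine)" : ""));
        if (!ns.IsEncrypted || !ns.IsSigned)
            throw new AuthenticationException("Session is not signed and encrypted");
        return id;
    }

    static void Main()
    {
        TcpListener listener = new TcpListener(IPAddress.Any, 11000); // port is an assumption
        listener.Start();
        Console.WriteLine("forceguest enabled: {0}", ForceGuestEnabled());
        using (TcpClient client = listener.AcceptTcpClient())
        {
            try { Console.WriteLine("Accepted {0}", AcceptClient(client).Name); }
            catch (AuthenticationException ex) { Console.WriteLine("Rejected: {0}", ex.Message); }
        }
        listener.Stop();
    }
}
```

Checking RemoteIdentity before trusting IsAuthenticated matters here because a Guest-mapped logon still reports IsAuthenticated as true.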
