Re: .Net 2.0 signing TCP channel - examples or guidance?

Hello William Stacey [MVP],

ok -i figured it out - i am not sure if you can pass clear text credentials to AuthenticateAsClient - doesn't look like it -

what i did was to get a token for a valid remote user using LogonUser with the LogonType.LOGON32_LOGON_NEW_CREDENTIALS option -

then impersonate that token and call AuthenticateAsClient

if someone needs the full source code - ping me.


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Thanks.  The reason I ask is I tried it once using xp pro as client
and server.   I could get default credentials to work, but could never
get username/password to work.  I asked around a couple times, but
never really got any joy.  Thanks Joe.  Maybe Dominick can post a
sample using username/password.  TIA

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:ek2pxEW$FHA.2944@xxxxxxxxxxxxxxxxxxxxxxx

With SSPI Negotiate auth, your machine does not need to be joined to
the domain if you have the plain text credentials needed to get the
Kerberos ticket from the KDC or do the NTLM exchange.  It does need
to be joined to the domain to use default credentials as I understand
it.

I'm still not totally up to speed on NegotiateStream, but I'm
guessing it supports the same functionality.  I'll bet Dominick knows
for sure by now.

Joe K.

"William Stacey [MVP]" <william.stacey@xxxxxxxxx> wrote in message
news:%23rgD26U$FHA.140@xxxxxxxxxxxxxxxxxxxxxxx

Does this mean the client needs to be joined to the domain?  I mean
can you have any arbitrary client that just "knows" the username and
password?

-- William Stacey [MVP]



.

Relevant Pages

  • Re: .Net 2.0 signing TCP channel - examples or guidance?
    ... Dominick Baier - DevelopMentor ... and server. ... I could get default credentials to work, but could never get username/password to work. ...
    (microsoft.public.dotnet.security)
  • Re: .Net 2.0 signing TCP channel - examples or guidance?
    ... I could get default credentials to work, ... > With SSPI Negotiate auth, your machine does not need to be joined to the ... I'll bet Dominick knows for sure by now. ... >> Does this mean the client needs to be joined to the domain? ...
    (microsoft.public.dotnet.security)
  • Re: Username/Password Issues
    ... > their PC at work and enters their Username/Password for their Work ... > it's using cached credentials instead of those programmed or entered. ... > happens when the client logs into the domain as a web-client, ... the host using credentials they physically type in, ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: Drive mapping question
    ... Now, when you access the servers in your domain, Windows will provide your ... current Windows credentials rather then the stored username/password (which ... If you bump up the perms on the CIFS for testing purposes, ...
    (microsoft.public.windows.server.networking)
  • Re: New to Active Directory
    ... All permissions provide to the user are assigned via their ... domain credentials. ... A user will have a local workstation username/password. ... connect to Active Directory, ...
    (microsoft.public.windows.server.active_directory)