Re: SSPI/NTLM between native code and managed code fails for Windows 2



I'm not sure what the problem is, but given that you are using a C# app here, did you consider using NegotiateStream directly on top of TcpClient or something like that in your managed code so that you could use Microsoft's SSPI/Negotiate wrapper instead of your own?

This doesn't address any potential issues in your native server, but might help and give you an opportunity to simplify your code base.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"jenny" <jenny@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:FC2425C5-A16C-4F1F-95B9-42C5B091C4F5@xxxxxxxxxxxxxxxx

I have an application that uses C++/CLI code for the client side of an NTLM
exchange, and native C++ code for the server side.

The server and client code run on different machines and use TCP/IP to throw
the "token" back and forth until authentication occurs.

This works with no problems under Windows 2003. And has worked for about a
year for us with no problems. However, under Windows 2008, the authentication
has stopped working *only* when C++/CLI code is interacting with native code.
Doesn't matter which machine is the target or which machine is the client.

The error code I am getting back from the server is: 0x80090308 (The token
supplied to the function is invalid). Also, AcceptSecurityContext(...)
returns: ASC_RET_THIRD_LEG_FAILED in the contextattributes.

The strange thing is, NTLM authentication still works if both the apps are
native (i.e. pure C++).

Actually, to be more accurate: a C# app calls into a C++/CLI native wrapper
library, that performs the NTLM authentication. The C# app is an MMC app.

                 NTLM
C# --> C++/CLI <------> Native C++ (Does not work)

             NTLM
native C++ <-------> native C++ (works)


Under Windows 2003, there has never been a problem for over a year.

Question:

Can anyone think of a reason why this could be? I am totally mystified. Is
there any way to emit more information about why the authentication failed?

Could managed code cause this kind of problem?

Thanks,

Jenny.






--
C/C++ Software Engineer

