SSPIMechanism Enumeration
Represents SSPI mechanism.
Namespace: Limilabs.Client.Authentication
Assembly: Mail (in Mail.dll) Version: 3.0.23341.1754
Syntax
public enum SSPIMechanism
Public Enumeration SSPIMechanism
public enum class SSPIMechanism
Members
| Member name | Value | Description |
|---|---|---|
| NTLM | 0 | NTLM mechanism. |
| Kerberos | 1 | Kerberos mechanism. Kerberos is the technological successor to NTLM. |
| Negotiate | 2 | Negotiate mechanism. Selects Kerberos and if not available, NTLM protocol. |
Remarks
SSPI authentication methods (NTLM, Kerberos, Negotiate) can work in two modes:
1. The user specifies their credentials explicitly (as with other authentication methods), and the authentication token is created from them.
2. Integrated Windows Authentication (IWA). The authentication token is created by Windows from the credentials of the currently logged-on Windows user. The application never deals with the account password.
IWA mode provides increased security and spares the end user from entering their credentials.
IWA, however, cannot be used when the currently logged-on Windows user is not an interactive user.
In web applications, you often deal with system users (such as NETWORK SERVICE, ASPNET, etc.).
To be able to use IWA in an ASP.NET application, the application itself must run under the context of an interactive user (<authentication mode="Windows"/> in web.config).
Also, the user from whose context the authentication token is constructed must have a valid mailbox on the e-mail server.
This is important because even if the given user is registered in Active Directory and can log in to the domain, it does not necessarily mean that the system has already provisioned their mailbox.