NegotiateStream and NTLM

A question from a newsgroup:

“I have two non-domain Windows XP machines – I want to use NegotiateStream to get an NTLM authenticated connection between the two – but I don’t have mirrored accounts – can I pass credentials to AuthenticateAsClient?”

Yes you can. You can create a NetworkCredential object that holds the username and password used for authentication. It is a little odd that the overload of AuthenticateAsClient also requires you to pass an SPN – which is not used for NTLM but for Kerberos. But it turns out that you can use string.empty for the SPN and NTLM with your supplied credentilas is used. Like this:

NetworkCredential cred = new NetworkCredential(“user”, “password”, “machine”);

negotiateStream.AuthenticateAsClient(cred, string.Empty);


This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s