Namespace System.Net.Security

Class ExtendedProtection

Provides support for extended protection for providers that use the Windows Extended Protection for Application Servers architecture.

Summary

The ExtendedProtection class allows you to configure and manage extended protection settings for network communication within your .NET applications. This feature enhances security by binding network connections to the Service Principal Name (SPN) of the server and the channel bindings of the client.

Important: Extended protection requires support from both the client and the server operating systems, as well as the application protocol being used. Ensure that your environment is configured to leverage this security feature effectively.

Classes

| Name | Description |
| --- | --- |
| ExtendedProtectionPolicy | Represents the policy for extended protection that is applied to a connection. |
| ChannelBinding | Represents a channel binding token (CBT) used in extended protection. |

Methods

| Name | Description |
| --- | --- |
| PopulateRequiredServices(System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy, System.Collections.Generic.ICollection<System.String>) | Populates a collection of SPNs that are required by the specified extended protection policy. |
| CreatePolicy(System.Security.Authentication.ExtendedProtection.ProtectionScenario, System.Security.Cryptography.HashAlgorithmName) | Creates an ExtendedProtectionPolicy instance with the specified scenario and hash algorithm. |
| CreatePolicy(System.Security.Authentication.ExtendedProtection.ProtectionScenario, System.Security.Cryptography.HashAlgorithmName, System.Security.Authentication.ExtendedProtection.ChannelBinding) | Creates an ExtendedProtectionPolicy instance with the specified scenario, hash algorithm, and channel binding. |

Remarks

Extended protection is a security mechanism designed to mitigate man-in-the-middle attacks. By associating a network connection with the server's SPN, it helps ensure that the client is communicating with the intended server and not an impostor.

The ExtendedProtection class acts as a central point for managing these security policies. Developers can use it to define when and how extended protection should be applied, and what parameters (like SPNs and channel bindings) are necessary for a secure connection.

For more detailed information on configuring and implementing extended protection, refer to the documentation for ExtendedProtectionPolicy and related classes.

Note: The Windows Extended Protection for Application Servers architecture is available on Windows Server 2008 and later, and Windows Vista and later.
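
An added example, not part of the original reference page: it builds a policy with the ExtendedProtectionPolicy constructor and attaches it to an HttpListener, both taken from the .NET base class library rather than from the methods listed above. The SPNs, port, and class name are constructed for illustration.

```csharp
// Added example (not from the original page). Uses the BCL types
// ExtendedProtectionPolicy, ServiceNameCollection and HttpListener.
using System;
using System.Net;
using System.Security.Authentication.ExtendedProtection;

static class ExtendedProtectionExample
{
    // Assumption: constructed SPNs for a hypothetical host. Replace them with
    // the names clients actually use to reach the service.
    static readonly string[] AllowedSpns =
    {
        "HTTP/app.example.test",
        "HTTP/app.example.test:8443",
    };

    static ExtendedProtectionPolicy BuildPolicy(bool strict)
    {
        // WhenSupported enforces the policy only when both sides support
        // extended protection, so clients without it can still authenticate.
        // Always fails authentication for clients that do not support it.
        var enforcement = strict ? PolicyEnforcement.Always
                                 : PolicyEnforcement.WhenSupported;

        // TransportSelected lets the transport choose between channel-binding
        // and SPN checks based on the type of channel in use.
        return new ExtendedProtectionPolicy(
            enforcement,
            ProtectionScenario.TransportSelected,
            new ServiceNameCollection(AllowedSpns));
    }

    static void Main()
    {
        // Fail closed instead of silently running without the protection.
        if (!ExtendedProtectionPolicy.OSSupportsExtendedProtection)
            throw new PlatformNotSupportedException(
                "Extended protection is unavailable on this OS.");

        using var listener = new HttpListener();
        listener.Prefixes.Add("https://+:8443/");
        // Extended protection applies to integrated Windows authentication.
        listener.AuthenticationSchemes = AuthenticationSchemes.Negotiate;
        listener.ExtendedProtectionPolicy = BuildPolicy(strict: true);

        // Print the effective policy so it can be checked at startup.
        Console.WriteLine(listener.ExtendedProtectionPolicy);
    }
}
```

The listener is configured but never started, so the example can be used to check the policy without binding the port.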
