KerberosAuthentication Class
Namespace: System.Net.Security
Introduction
The KerberosAuthentication class provides functionality to perform authentication using the Kerberos protocol. It is designed to be used in scenarios where Kerberos is the desired authentication mechanism for securing network communications.
Syntax
public sealed class KerberosAuthentication : AuthenticationBase
Constructors
KerberosAuthentication(string servicePrincipalName)
Initializes a new instance of the KerberosAuthentication class with the specified service principal name.
Parameters:
Properties
| Name | Description |
|---|---|
| Credentials | Gets the credentials used for authentication. This property is inherited from AuthenticationBase. |
| DefaultRealm | Gets or sets the default Kerberos realm. |
| Protocol | Gets the authentication protocol used by this class (Kerberos). |
| ServicePrincipalName | Gets the service principal name used for authentication. |
Methods
| Name | Description |
|---|---|
| Authenticate(NetworkCredential credential) | Authenticates the client using the provided network credentials. |
| Authenticate(ICredentials credentials) | Authenticates the client using the provided credentials. |
| GenerateKerberosTicket(string userName, string password) | Generates a Kerberos ticket for the specified user. |
Remarks
Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. The KerberosAuthentication class simplifies the process of integrating Kerberos authentication into .NET applications. It handles the complexities of ticket generation, validation, and exchange with Key Distribution Centers (KDCs).
When using this class, ensure that the client and server machines are part of the same Kerberos realm or have trust relationships configured. The ServicePrincipalName (SPN) is crucial for identifying the target service within the Kerberos realm. An incorrect SPN will result in authentication failures.
NegotiateStream class, which can automatically negotiate Kerberos or NTLM based on the environment.