Microsoft Learn

Documentation for developers

NegotiateStream.AuthenticateAsClient Method

Called by a client to authenticate itself to the remote server over a NegotiateStream.

Syntax

public void AuthenticateAsClient (
    System.Net.NetworkCredential credentials,
    System.Security.Cryptography.X509Certificates.X509Certificate clientCertificate,
    bool requestClientCert,
    System.Security.Authentication.ExtendedProtection.ProtectionLevel protectionLevel
);
public void AuthenticateAsClient (
    System.Net.NetworkCredential credentials,
    System.Security.Cryptography.X509Certificates.X509Certificate clientCertificate,
    System.Security.Authentication.CipherSuitesPolicy cipherSuitesPolicy,
    bool requestClientCert,
    System.Security.Authentication.ExtendedProtection.ProtectionLevel protectionLevel
);
public void AuthenticateAsClient (
    string targetName,
    System.Security.Cryptography.X509Certificates.X509Certificate clientCertificate,
    bool requestClientCert,
    System.Security.Authentication.ExtendedProtection.ProtectionLevel protectionLevel
);
public void AuthenticateAsClient (
    string targetName,
    System.Security.Cryptography.X509Certificates.X509Certificate clientCertificate,
    System.Security.Authentication.CipherSuitesPolicy cipherSuitesPolicy,
    bool requestClientCert,
    System.Security.Authentication.ExtendedProtection.ProtectionLevel protectionLevel
);

Parameters

Name | Description
credentials | A System.Net.NetworkCredential object that contains the user's credentials.
clientCertificate | A System.Security.Cryptography.X509Certificates.X509Certificate object that represents the X.509 certificate of the client.
requestClientCert | true to request a client certificate from the server; otherwise, false.
protectionLevel | A System.Security.Authentication.ExtendedProtection.ProtectionLevel enumeration value that specifies the level of protection.
targetName | The SPN (Service Principal Name) of the server to authenticate.
cipherSuitesPolicy | A System.Security.Authentication.CipherSuitesPolicy object that specifies the allowed cipher suites.

Remarks

The AuthenticateAsClient method performs client authentication using the Negotiate Security Support Provider (SSP).

When you use the NegotiateStream.AuthenticateAsClient method, the stream attempts to negotiate a security context with the remote server.

  • If requestClientCert is true, the server is prompted to send a client certificate.
  • The protectionLevel parameter specifies whether the negotiated security context should provide integrity and/or confidentiality.

This method should be called before any data is sent or received over the NegotiateStream.

Exceptions

Type | Condition
System.ArgumentNullException | credentials is null.
System.ArgumentNullException | targetName is null or empty.
System.Net.Sockets.SocketException | An error occurred while accessing the socket.
System.Security.Authentication.AuthenticationException | The authentication failed.

Examples

The following code example demonstrates how to use the AuthenticateAsClient method.

using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Principal;
using System.Threading.Tasks;

public class NegotiateClientExample
{
    public static async Task RunAsync(string serverName, int port)
    {
        try
        {
            using (TcpClient client = new TcpClient(serverName, port))
            using (NetworkStream stream = client.GetStream())
            using (var negotiateStream = new NegotiateStream(stream, true))
            {
                // Authenticate as client.
                // This uses the current user's default credentials for demonstration.
                // In a real scenario, you might provide specific credentials.
                await negotiateStream.AuthenticateAsClientAsync(
                    CredentialCache.DefaultNetworkCredentials, // Credentials of the current security context
                    serverName,                                // Target SPN
                    ProtectionLevel.EncryptAndSign,            // Require confidentiality and integrity
                    TokenImpersonationLevel.Identification     // Server may identify, but not impersonate, the client
                );

                Console.WriteLine("Authentication successful!");

                // Now you can send and receive data securely
                string messageToSend = "Hello, secure server!";
                byte[] buffer = System.Text.Encoding.UTF8.GetBytes(messageToSend);
                await negotiateStream.WriteAsync(buffer, 0, buffer.Length);
                Console.WriteLine($"Sent: {messageToSend}");

                // Example of receiving data
                byte[] receiveBuffer = new byte[1024];
                int bytesRead = await negotiateStream.ReadAsync(receiveBuffer, 0, receiveBuffer.Length);
                string receivedMessage = System.Text.Encoding.UTF8.GetString(receiveBuffer, 0, bytesRead);
                Console.WriteLine($"Received: {receivedMessage}");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }

    // Example usage:
    // public static async Task Main(string[] args)
    // {
    //     string serverAddress = "your_server_name.example.com"; // Replace with actual server name
    //     int serverPort = 12345; // Replace with actual port
    //     await RunAsync(serverAddress, serverPort);
    // }
}
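
The Remarks state that authentication must complete before any data is exchanged and that protectionLevel governs integrity and confidentiality. The following added example (not part of the original page) checks the negotiated context before returning a usable stream and fails closed otherwise; the class and helper names, the command-line arguments and the SPN shown in the comment are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;
using System.Threading.Tasks;

public static class StrictNegotiateClient
{
    // Hypothetical helper: authenticates, then refuses to proceed unless the
    // negotiated context is mutually authenticated, encrypted and signed.
    public static async Task<NegotiateStream> AuthenticateStrictAsync(Stream inner, string targetSpn)
    {
        var ns = new NegotiateStream(inner, leaveInnerStreamOpen: false);
        try
        {
            await ns.AuthenticateAsClientAsync(
                CredentialCache.DefaultNetworkCredentials,
                targetSpn,
                ProtectionLevel.EncryptAndSign,
                TokenImpersonationLevel.Identification);

            // IsMutuallyAuthenticated is false when the server's identity was not
            // proven, typically when Negotiate selected NTLM instead of Kerberos.
            if (!ns.IsMutuallyAuthenticated || !ns.IsEncrypted || !ns.IsSigned)
                throw new AuthenticationException(
                    $"Weak context: mutual={ns.IsMutuallyAuthenticated}, " +
                    $"encrypted={ns.IsEncrypted}, signed={ns.IsSigned}");
            return ns;
        }
        catch
        {
            ns.Dispose(); // also closes the inner stream; no application data is sent
            throw;
        }
    }

    public static async Task Main(string[] args)
    {
        // args: host port SPN (placeholder SPN form: "HOST/server.example.com")
        using var client = new TcpClient(args[0], int.Parse(args[1]));
        using var ns = await AuthenticateStrictAsync(client.GetStream(), args[2]);
        Console.WriteLine($"Authenticated to {ns.RemoteIdentity.Name}; safe to send data.");
    }
}
```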
