Windows服务中的Kerberos身份验证

Question

I am new on kerberos authentication and don't know anything about it. I have the server name, username and password ready for it.

I need to authenticate users from stand alone windows application. Can somebody please help?

I did not find much help on googling.

Appreciate any thought.

Answer 1

In Kerberos you authenticate not with pair username/password, but by attaching Kerberos token, which you can grab from CredentialsCache.

WebRequest WReq = WebRequest.Create (MyURI);
WReq.Credentials = CredentialCache.DefaultCredentials;

see: https://msdn.microsoft.com/en-us/library/yk7437c8%28v=vs.110%29.aspx

The second line will give you NTLM or Kerberos credentials. You'll get Kerberos credentials when:

• your application is started by a domain user account
• SPN or UPN for the server in present in Kerberos KeyDistributionCentre
• Server is configured to receive Kerberos tokens, at least: you must provide it a password.

When you execute 'CredentialCache.DefaultCredentials', your application uses underlying mechanisms to generate SPNEGO token for you. Inside it, will be Keberos or NTLM ticket. Here's how it works:

• description of environment: https://msdn.microsoft.com/en-us/library/aa480562.aspx
• what goes on a client computer (SSPI implementation is used to generate tickets) https://msdn.microsoft.com/en-us/library/aa480609.aspx