C# nettcpbinding disable ntlm

Question

How to disable NTLM when connecting to WCF service? I want to be sure that Im using Kerberos, but there is no option on ChannelFactory in .netstandard20:

channelFactory.Credentials.Windows.AllowNtlm = false;

So currently Im unable to disable "fallback" to NTLM to check whether Kerberos even working.

Answer 1

This is a deprecated attribute. Kerberos authentication will be used first as long as the server and client environments support Windows Kerberos authentication. If the machine environment on both sides is not supported, whether to downgrade to NTLM certification will be determined by the computer policy.
https://docs.microsoft.com/en-us/dotnet/api/system.servicemodel.security.windowsclientcredential.allowntlm?view=netframework-4.8
As the description said.

This property is deprecated and is maintained for backward compatibility only. The local machine policy will be used to determine if NTLM should be used.

Here are some related links.
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm
https://developers.de/blogs/damir_dobric/archive/2009/08/16/enabling-of-ntlm-on-windows-7-and-windows-server-2008-r2.aspx