King Chan - 1 month ago
C# Question

What is the equivalent of AuthenticationTypes.Secure in PrincipalContext's ContextOptions?

As titled, I am trying to convert a DirectoryEntry parameter into PrincipalContext, but I don't see a ContextOptions value that is equivalent to AuthenticationTypes.Secure in DirectoryEntry.

AuthenticationTypes.Secure: http://msdn.microsoft.com/en-us/library/system.directoryservices.authenticationtypes.aspx


Requests secure authentication. When this flag is set, the WinNT
provider uses NTLM to authenticate the client. Active Directory Domain
Services uses Kerberos, and possibly NTLM, to authenticate the client.
When the user name and password are a null reference (Nothing in
Visual Basic), ADSI binds to the object using the security context of
the calling thread, which is either the security context of the user
account under which the application is running or of the client user
account that the calling thread is impersonating.


ContextOptions: http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.contextoptions.aspx

I don't see anything similar....

Answer

In my experience, ContextOptions.Negotiate is equivalent to AuthenticationTypes.Secure. See also the description on MSDN for both values.

ContextOptions.Negotiate - The client is authenticated by using either Kerberos or NTLM. When the user name and password are not provided, the Account Management API binds to the object by using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread represents.

AuthenticationTypes.Secure - Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client.

You can test this by using the following code:

using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

// Bind to the domain with ContextOptions.Negotiate and explicit credentials.
PrincipalContext ctx = new PrincipalContext(ContextType.Domain,
                                     "test.int",
                                     "CN=Users,DC=test,DC=int",
                                     ContextOptions.Negotiate,
                                     "administrator",
                                     "SecurePassword");

// Create a test user through that context.
UserPrincipal usr = new UserPrincipal(ctx);

usr.Name = "Jim Daly";
usr.SamAccountName = "Jim.Daly";
usr.UserPrincipalName = "Jim.Daly@test.int";
usr.Description = "This is the user account for Jim Daly";
usr.EmailAddress = "jimdaly@test.int";
usr.SetPassword("VerySecurePwd");
usr.Save();

// Get the underlying directory entry.
DirectoryEntry de = (DirectoryEntry)usr.GetUnderlyingObject();

// Print the authentication type the context actually used for the bind.
Console.Out.WriteLine(de.AuthenticationType);

I think the other options map as follows:

ContextOptions.Sealing -> AuthenticationTypes.Sealing
ContextOptions.SecureSocketLayer -> AuthenticationTypes.Encryption
ContextOptions.ServerBind -> AuthenticationTypes.ServerBind
ContextOptions.Signing -> AuthenticationTypes.Signing
ContextOptions.SimpleBind -> AuthenticationTypes.None
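
The mapping above, turned into a migration helper for the question's DirectoryEntry-to-PrincipalContext conversion; this is an added example, not code from the answer. `BindOptionMigration` and `ToContextOptions` are hypothetical names, the flag pairs are the answer's own tentative mapping, and refusing a simple bind without SecureSocketLayer is a policy assumed here.

```csharp
using System;
using System.DirectoryServices;                    // AuthenticationTypes
using System.DirectoryServices.AccountManagement;  // ContextOptions

static class BindOptionMigration
{
    // Flags the answer's list gives no ContextOptions counterpart for.
    const AuthenticationTypes Unmapped =
        AuthenticationTypes.Anonymous | AuthenticationTypes.Delegation |
        AuthenticationTypes.FastBind | AuthenticationTypes.ReadonlyServer;

    // Hypothetical helper: translate DirectoryEntry flags to PrincipalContext flags.
    public static ContextOptions ToContextOptions(AuthenticationTypes auth)
    {
        if ((auth & Unmapped) != 0)
            throw new NotSupportedException("No ContextOptions mapping for: " + (auth & Unmapped));

        // Secure -> Negotiate; no Secure flag (AuthenticationTypes.None) -> SimpleBind.
        bool secure = (auth & AuthenticationTypes.Secure) != 0;
        ContextOptions opts = secure ? ContextOptions.Negotiate : ContextOptions.SimpleBind;

        if ((auth & AuthenticationTypes.Encryption) != 0) opts |= ContextOptions.SecureSocketLayer;
        if ((auth & AuthenticationTypes.ServerBind) != 0) opts |= ContextOptions.ServerBind;

        // Signing and sealing ride on the negotiated (Kerberos/NTLM) session.
        var integrity = auth & (AuthenticationTypes.Signing | AuthenticationTypes.Sealing);
        if (integrity != 0 && !secure)
            throw new ArgumentException("Signing/Sealing require AuthenticationTypes.Secure.");
        if ((integrity & AuthenticationTypes.Signing) != 0) opts |= ContextOptions.Signing;
        if ((integrity & AuthenticationTypes.Sealing) != 0) opts |= ContextOptions.Sealing;

        // Assumed policy: a simple bind sends the password as-is, so require TLS under it.
        if (!secure && (opts & ContextOptions.SecureSocketLayer) == 0)
            throw new ArgumentException("SimpleBind without SecureSocketLayer exposes the password on the wire.");
        return opts;
    }

    static void Main()
    {
        // Constructed inputs: a typical hardened bind, an LDAPS simple bind, a plain simple bind.
        Console.WriteLine(ToContextOptions(AuthenticationTypes.Secure |
                                           AuthenticationTypes.Signing | AuthenticationTypes.Sealing));
        Console.WriteLine(ToContextOptions(AuthenticationTypes.Encryption));
        try { ToContextOptions(AuthenticationTypes.None); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```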