问题
I am new on kerberos authentication and don't know anything about it. I have the server name, username and password ready for it.
I need to authenticate users from stand alone windows application. Can somebody please help?
I did not find much help on googling.
Appreciate any thought.
回答1:
In Kerberos you authenticate not with pair username/password, but by attaching Kerberos token, which you can grab from CredentialsCache.
WebRequest WReq = WebRequest.Create (MyURI);
WReq.Credentials = CredentialCache.DefaultCredentials;
see: https://msdn.microsoft.com/en-us/library/yk7437c8%28v=vs.110%29.aspx
The second line will give you NTLM or Kerberos credentials. You'll get Kerberos credentials when:
- your application is started by a domain user account
- SPN or UPN for the server in present in Kerberos KeyDistributionCentre
- Server is configured to receive Kerberos tokens, at least: you must provide it a password.
When you execute 'CredentialCache.DefaultCredentials', your application uses underlying mechanisms to generate SPNEGO token for you. Inside it, will be Keberos or NTLM ticket. Here's how it works:
- description of environment: https://msdn.microsoft.com/en-us/library/aa480562.aspx
- what goes on a client computer (SSPI implementation is used to generate tickets) https://msdn.microsoft.com/en-us/library/aa480609.aspx
来源:https://stackoverflow.com/questions/33781360/kerberos-authentication-in-windows-service