System.Net.Security.NegotiateStream Class

Provides a stream that uses the Negotiate security protocol to authenticate the client, and optionally the server, in client-server communication.

See Also: NegotiateStream Members


public class NegotiateStream : AuthenticatedStream


Use the System.Net.Security.NegotiateStream class for authentication and to help secure information transmitted between a client and a server. Using System.Net.Security.NegotiateStream, you can do the following.

Authentication must be performed before transmitting information. Clients request authentication using the synchronous System.Net.Security.NegotiateStream.AuthenticateAsClient methods, which block until the authentication completes, or the asynchronous System.Net.Security.NegotiateStream.BeginAuthenticateAsClient methods, which do not block while waiting for the authentication to complete. Servers request authentication using the synchronous System.Net.Security.NegotiateStream.AuthenticateAsServer or asynchronous System.Net.Security.NegotiateStream.BeginAuthenticateAsServer methods.

The client, and optionally the server, is authenticated using the Negotiate security protocol. On Windows 95/98 systems, Windows NT LAN Manager (NTLM) is the protocol used for authentication. On other platforms the Kerberos protocol is used for authentication if both client and server support it; otherwise NTLM is used. For detailed descriptions of these protocols, see the Platform SDK documentation on MSDN. The System.Net.Security.NegotiateStream class performs the authentication using the Security Support Provider Interface (SSPI).

When authentication succeeds, you must check the NegotiateStream.IsEncrypted and NegotiateStream.IsSigned properties to determine what security services will be used by the System.Net.Security.NegotiateStream to help secure your data during transmission. Check the NegotiateStream.IsMutuallyAuthenticated property to determine whether mutual authentication occurred. You can get information about the remote client or server using the NegotiateStream.RemoteIdentity property.

If the authentication fails, you will receive a System.Security.Authentication.AuthenticationException or a System.Security.Authentication.InvalidCredentialException. In this case, you can retry the authentication with a different credential.

You send data using the synchronous NegotiateStream.Write(Byte[], int, int) or asynchronous NegotiateStream.BeginWrite(Byte[], int, int, AsyncCallback, object) methods. You receive data using the synchronous NegotiateStream.Read(Byte[], int, int) or asynchronous NegotiateStream.BeginRead(Byte[], int, int, AsyncCallback, object) methods. If security services such as encryption or signing are enabled, these are automatically applied to your data by the System.Net.Security.NegotiateStream.

The System.Net.Security.NegotiateStream transmits data using a stream that you supply when creating the System.Net.Security.NegotiateStream. When you supply this underlying stream, you have the option to specify whether closing the System.Net.Security.NegotiateStream also closes the underlying stream.
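
The following client-side sketch is an added example, not part of the original reference page. It authenticates over a TCP stream, checks the negotiated security services before sending anything, and handles authentication failure. The class name, method name, host, port and target name are assumptions supplied by the caller, and the policy of refusing to send unless encryption, signing and mutual authentication were all negotiated is one possible choice, not a requirement of the class.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;
using System.Text;

static class NegotiateClientExample
{
    // host, port and targetName (the server's SPN) are caller-supplied placeholders.
    public static bool SendAuthenticated(string host, int port, string targetName, string message)
    {
        using (var tcp = new TcpClient(host, port))
        // leaveInnerStreamOpen = false: disposing the NegotiateStream also closes the socket stream.
        using (var secure = new NegotiateStream(tcp.GetStream(), false))
        {
            try
            {
                // Blocks until the Negotiate exchange completes; asks for encryption and signing.
                secure.AuthenticateAsClient(
                    CredentialCache.DefaultNetworkCredentials,
                    targetName,
                    ProtectionLevel.EncryptAndSign,
                    TokenImpersonationLevel.Identification);
            }
            catch (AuthenticationException ex) // also covers InvalidCredentialException
            {
                Console.Error.WriteLine("Authentication failed: " + ex.Message);
                return false; // caller may retry with a different credential
            }
            // Example policy (assumption): refuse to send unless every service was negotiated.
            // NTLM does not provide mutual authentication, so a fallback to NTLM fails this check.
            if (!secure.IsEncrypted || !secure.IsSigned || !secure.IsMutuallyAuthenticated)
            {
                Console.Error.WriteLine("Rejected: encrypted={0} signed={1} mutual={2}",
                    secure.IsEncrypted, secure.IsSigned, secure.IsMutuallyAuthenticated);
                return false;
            }
            IIdentity remote = secure.RemoteIdentity;
            Console.WriteLine("Server identity: {0} ({1})", remote.Name, remote.AuthenticationType);
            byte[] payload = Encoding.UTF8.GetBytes(message);
            secure.Write(payload, 0, payload.Length); // signing/encryption applied by the stream
            secure.Flush();
            return true;
        }
    }
}
```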


Namespace: System.Net.Security
Assembly: System (in System.dll)
Since: .NET 2.0