How to interoperate between SSPI and the .NET NegotiateStream Class

Win32 Desktop Applications can take advantage of SSPI to authenticate Windows Users.  In .NET, Windows Authentication can be done using the NegotiateStream Class.

We have had several questions in the past on how you can get a Win32 Desktop Client/Server Application using SSPI to authenticate with a .NET Client/Server using the NegotiateStream Class.

The key to getting these Frameworks to interoperate is that the NegotiateStream Class has implemented its own PROTOCOL which wraps SSPI.  This means that you need to modify your Win32 Application to implement the PROTOCOL before sending your SSPI Blobs to the NegotiateStream Client/Server.

Luckily, the NegotiateStream Protocol is documented here.  (Referred to as [MS-NNS]: .NET NegotiateStream Protocol)

The key things to review are the Message Syntaxes, which are the following:

  • Handshake Message
  • Data Message

For the Handshake Message, the message is defined here:

This information should allow you to easily modify your desktop application using SSPI to interoperate with a .NET application using the NegotiateStream Class.
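The handshake framing that the Win32 side has to put around each SSPI blob, in portable C, as an added example that is not from the original post or from Microsoft's code. The 5-byte header layout (message ID, major version 1, minor version 0, 16-bit payload size with the high byte first) and the message ID values are assumed from [MS-NNS] section 2.2.1 and should be checked against the specification; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed from [MS-NNS] 2.2.1; verify against the specification. */
enum { NNS_DONE = 0x14, NNS_ERROR = 0x15, NNS_IN_PROGRESS = 0x16 };
enum { NNS_HDR_LEN = 5, NNS_MAJOR = 1, NNS_MINOR = 0 };

/* Wrap one SSPI token (the output buffer of InitializeSecurityContext or
 * AcceptSecurityContext) in a handshake frame. Returns the frame length,
 * or 0 if the token is too large or the output buffer too small. */
size_t nns_frame(uint8_t id, const uint8_t *tok, size_t tok_len,
                 uint8_t *out, size_t out_cap)
{
    if (tok_len > 0xFFFF || out_cap < NNS_HDR_LEN + tok_len)
        return 0;
    out[0] = id;
    out[1] = NNS_MAJOR;
    out[2] = NNS_MINOR;
    out[3] = (uint8_t)(tok_len >> 8);   /* payload size, high byte first */
    out[4] = (uint8_t)(tok_len & 0xFF);
    if (tok_len)
        memcpy(out + NNS_HDR_LEN, tok, tok_len);
    return NNS_HDR_LEN + tok_len;
}

/* Parse a received frame without trusting its length field. On success
 * returns 0 and points *tok at the payload inside buf; returns -1 for a
 * short, malformed or unknown frame, which the caller should treat as
 * a failed handshake rather than pass to SSPI. */
int nns_parse(const uint8_t *buf, size_t len,
              uint8_t *id, const uint8_t **tok, size_t *tok_len)
{
    if (len < NNS_HDR_LEN)
        return -1;
    if (buf[0] != NNS_DONE && buf[0] != NNS_ERROR && buf[0] != NNS_IN_PROGRESS)
        return -1;
    if (buf[1] != NNS_MAJOR || buf[2] != NNS_MINOR)
        return -1;
    size_t n = ((size_t)buf[3] << 8) | buf[4];
    if (n > len - NNS_HDR_LEN)          /* declared size exceeds bytes read */
        return -1;
    *id = buf[0];
    *tok = buf + NNS_HDR_LEN;
    *tok_len = n;
    return 0;
}
```

Only the payload returned by `nns_parse` is handed to the next SSPI call; the header never goes into the security buffer.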
