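/// <summary>
/// Connects to the configured Negotiate test server using <paramref name="credential"/>,
/// completes the client side of the NegotiateStream handshake, asserts the security
/// properties of the resulting session, and sends one message over it.
/// </summary>
/// <param name="credential">
/// The credential to present. <see cref="CredentialCache.DefaultNetworkCredentials"/> selects
/// the identity of the current process; any other credential with an empty user name or
/// password is treated as anonymous.
/// </param>
/// <remarks>
/// Expected outcome by credential kind, as asserted below:
/// default credentials against the local host -> NTLM, mutually authenticated;
/// anonymous -> NTLM, not mutually authenticated;
/// anything else -> Kerberos, mutually authenticated.
/// Every path additionally requires the session to be authenticated, encrypted and signed,
/// and the authenticated server identity to equal the expected SPN.
/// </remarks>
private async Task VerifyAuthentication(NetworkCredential credential)
{
    string serverName = Configuration.Security.NegotiateServer.Host;
    int port = Configuration.Security.NegotiateServer.Port;
    string serverSPN = "HOST/" + serverName;
    bool isLocalhost = await IsLocalHost(serverName);

    // Baseline expectation is Kerberos with mutual authentication; the branches below
    // cover the two cases in which the test expects NTLM instead.
    string expectedAuthenticationType = "Kerberos";
    bool mutuallyAuthenticated = true;
    bool isDefaultCredential = credential == CredentialCache.DefaultNetworkCredentials;

    if (isDefaultCredential && isLocalhost)
    {
        // Process identity against the local machine: NTLM is expected.
        expectedAuthenticationType = "NTLM";
    }
    else if (!isDefaultCredential &&
        (string.IsNullOrEmpty(credential.UserName) || string.IsNullOrEmpty(credential.Password)))
    {
        // Anonymous authentication. The !isDefaultCredential guard keeps the default
        // credential (which also has an empty user name) out of this branch.
        // NTLM is expected and the server identity is not mutually authenticated.
        expectedAuthenticationType = "NTLM";
        mutuallyAuthenticated = false;
    }

    using (var client = new TcpClient())
    {
        await client.ConnectAsync(serverName, port);
        NetworkStream clientStream = client.GetStream();

        // leaveInnerStreamOpen: false — disposing the NegotiateStream also closes the NetworkStream.
        using (var auth = new NegotiateStream(clientStream, leaveInnerStreamOpen: false))
        {
            // Require both encryption and signing on the channel, and request only the
            // Identification impersonation level: the server can learn who the client is
            // but gets no token it could use to act on the client's behalf.
            await auth.AuthenticateAsClientAsync(
                credential,
                serverSPN,
                ProtectionLevel.EncryptAndSign,
                System.Security.Principal.TokenImpersonationLevel.Identification);

            Assert.Equal(expectedAuthenticationType, auth.RemoteIdentity.AuthenticationType);
            Assert.Equal(serverSPN, auth.RemoteIdentity.Name);
            Assert.True(auth.IsAuthenticated);
            Assert.True(auth.IsEncrypted);
            Assert.Equal(mutuallyAuthenticated, auth.IsMutuallyAuthenticated);
            Assert.True(auth.IsSigned);

            // Send a message to the server. Encode the test data into a byte array.
            byte[] message = Encoding.UTF8.GetBytes("Hello from the client.");
            await auth.WriteAsync(message, 0, message.Length);
        }
    }
}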