HttpListener.UnsafeConnectionNtlmAuthentication Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets or sets a Boolean value that controls whether, when NTLM is used, additional requests using the same Transmission Control Protocol (TCP) connection are required to authenticate.
public:
property bool UnsafeConnectionNtlmAuthentication { bool get(); void set(bool value); };public bool UnsafeConnectionNtlmAuthentication { get; set; }member this.UnsafeConnectionNtlmAuthentication : bool with get, setPublic Property UnsafeConnectionNtlmAuthentication As BooleanProperty Value
true if the IIdentity of the first request will be used for subsequent requests on the same connection; otherwise, false. The default value is false.
Exceptions
This object has been closed.
Examples
The following code example demonstrates setting this property.
public static void SimpleListenerWithUnsafeAuthentication(string[] prefixes)
{
// URI prefixes are required,
// for example "http://contoso.com:8080/index/".
if (prefixes == null || prefixes.Length == 0)
throw new ArgumentException("prefixes");
// Set up a listener.
HttpListener listener = new HttpListener();
foreach (string s in prefixes)
{
listener.Prefixes.Add(s);
}
listener.Start();
// Specify Negotiate as the authentication scheme.
listener.AuthenticationSchemes = AuthenticationSchemes.Negotiate;
// If NTLM is used, we will allow multiple requests on the same
// connection to use the authentication information of first request.
// This improves performance but does reduce the security of your
// application.
listener.UnsafeConnectionNtlmAuthentication = true;
// This listener does not want to receive exceptions
// that occur when sending the response to the client.
listener.IgnoreWriteExceptions = true;
Console.WriteLine("Listening...");
// ... process requests here.
listener.Close();
}
Public Shared Sub SimpleListenerWithUnsafeAuthentication(ByVal prefixes As String())
' URI prefixes are required,
' for example "http://contoso.com:8080/index/".
If prefixes Is Nothing OrElse prefixes.Length = 0 Then Throw New ArgumentException("prefixes")
' Set up a listener.
Dim listener As HttpListener = New HttpListener()
For Each s As String In prefixes
listener.Prefixes.Add(s)
Next
listener.Start()
' Specify Negotiate as the authentication scheme.
listener.AuthenticationSchemes = AuthenticationSchemes.Negotiate
' If NTLM Is used, we will allow multiple requests on the same
' connection to use the authentication information of first request.
' This improves performance but does reduce the security of your
' application.
listener.UnsafeConnectionNtlmAuthentication = True
' This listener does Not want to receive exceptions
' that occur when sending the response to the client.
listener.IgnoreWriteExceptions = True
Console.WriteLine("Listening...")
' ... process requests here.
listener.Close()
End Sub
Remarks
When this property is set to true and the first request over a particular TCP connection is authenticated using NTLM, subsequent requests over the same TCP connection are processed using the authentication information (IIdentity) of the initial request.
This property has no effect when NTLM is not the authentication protocol. When Negotiate is specified as the authentication protocol, this property has an effect only if NTLM is the actual protocol used for authentication.
Note
While setting this property to true increases performance because the HttpListener does not send additional NTLM authentication challenges, there is a security risk in not requiring all requests to provide authentication information. You must determine whether the increase in performance is worth this risk.
