Way to specify Kerberos over NTLM in .NET for file access

Mark Sanchez

Per Microsoft recommendations, our IT director intends to disable NTLM on our domain. When he tried to do so recently, errors were logged and we determined that their source was from some of our custom .NET 4.6 apps. The common theme with these apps was they all use impersonation for certain operations. For example, we copy a file from a place the user does not have access to, then return the context back to the user’s account.

Our code uses the WindowsIdentity.Impersonate function of the System.Security.Principal namespace. It does not appear that this function, nor the “LogonUser” Win32 API function it uses, have a way of specifying the authentication method to use (NTLM vs. Kerberos).

Is there an alternative/better way to perform impersonation in .NET, which will either prioritize Kerberos over NTLM or allow us to specify to use Kerberos? Or perhaps is this something that must be handled outside our code?
