Authetication from a Kerberos authenticated machine to an NTLM server

Question

I am stuck on the following scenario: I am running a c# program from a client which has authenticationtype Kerberos. I want to use the kerberos credentials to authenticate to a SharePoint server webservice which is still authenticated by NTLM. How can I login to the webservice using NTLM with my client Kerberos credentials?

As a test program I wrote the following, I would like to adjust that to a program that is not using the constants username, pasword and domain and still function correctly:

using System;
using System.Security.Principal;
using TestSharePointServices.listService;

namespace TestSharePointServices
{

    class Program
    {
        static void Main(string[] args)
        {
            string username = "myusername";
            string password = "mypassword";
            string domain = "mydomain";

            ListsSoapClient client = new ListsSoapClient();
            if (client.ClientCredentials != null)
            {
                Console.WriteLine("Name: " + WindowsIdentity.GetCurrent().Name);
                Console.WriteLine("Authenticated: " + WindowsIdentity.GetCurrent().IsAuthenticated);
                Console.WriteLine("Authentication Type: " + WindowsIdentity.GetCurrent().AuthenticationType);
                Console.ReadKey();
                client.ClientCredentials.Windows.ClientCredential = 
                    new System.Net.NetworkCredential(username, password, domain);
                client.ClientCredentials.Windows.AllowedImpersonationLevel =
                    System.Security.Principal.TokenImpersonationLevel.Impersonation;
            } 

            string callback = client.GetList("Accounts").ToString();
            Console.WriteLine(callback);
            Console.ReadKey();
        }
    }
}

With the following app.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
              <binding name="ListsSoap" closeTimeout="00:05:00" openTimeout="00:05:00" 
                       receiveTimeout="00:30:00" sendTimeout="00:05:00" allowCookies="false" 
                       bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
                       maxBufferPoolSize="524288" maxBufferSize="65536" maxReceivedMessageSize="65536" 
                       textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true" 
                       messageEncoding="Text">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
                              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <security mode="TransportCredentialOnly">
                  <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
                  <message clientCredentialType="UserName" algorithmSuite="Default" />
                </security>
              </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://sharepointserver/crm/_vti_bin/Lists.asmx"
                binding="basicHttpBinding" bindingConfiguration="ListsSoap"
                contract="listService.ListsSoap" name="ListsSoap" />
        </client>
    </system.serviceModel>
</configuration>

The program outputs:

Name: mydomain\myusername

Authenticated: True

Authentication Type: Kerberos

Xml output from SharePoint on screen.

Answer 1

You can't. Kerberos has nothing to do with NTLM. Absolutely nothing. NTLM is Windows only. All you can do is to login with your Windows user/pass and perform NTLM auch. Though I would strongly recommend making your SharePoint Kerberos-capable which is less than an hour work.