About Intel AMT > Integration with Active Directory > Kerberos Authentication using .NET

Kerberos Authentication using .NET

The following example shows how to perform Kerberos authentication using .NET 2. The example connects with the Intel AMT Remote Control service.

//---------------------------------------------------------------------

//

//  Copyright (C) Intel Corporation, 2003 - 2006.

//

//  File:       KerberosClient.cs

//

//  Contents:   Sample code for a Intel(R) AMT Release 2.0 network

//              client with Kerberos authentication.

//

//--------------------------------------------------------------------

 

using System;

using System.Net;

 

/*

 * This is a short example of invoking a WSDL on Intel AMT using

 * Kerberos authentication on the clear

 *

 * Compile Requirements:

 * - Microsoft Visual Studio

 * - The RemoteControlService must be generated from

 *   RemoteControlInterface.wsdl with wsdl.exe

 *

 * Runtime Requirements:

 * - Client host must have .Net 2.0 framework.

 * - Client host must be a member of the domain forest.

 * - Intel AMT must be configured for Kerberos authentication (this can

 *   be done with the sample configuration server.

 * - The user whose credentials are provided below must be a member

 *   of a group which has a Kerberos ACL installed on Intel AMT that

 *   includes the RemoteControl security realm.

 *   The sample Configuration Server has a set of Kerberos settings

 *   that includes the creation of a Kerberos ACL for the group

 *   "Domain Users" (any authenticated user)

 *   and includes the RemoteControlRealm (this realm has the number 5).

 */

namespace SpnProblem

{

    class KerberosClient

    {

  // The assignments below must be replaced with meaningful values.

  // *In a production environment the password must be stored securely*

        const string hostname = "hostname";

        const string domain = "domain";

        const string user = "user";

        const string password = "password";

 

        [STAThread]

        static void Main(string[] args)

    {

            try

            {

                string fqdn = hostname + "." + domain;

 

                // set target URI

                Uri serviceUri = new Uri("http://" + fqdn + ":16992/RemoteControlService");

                RemoteControlService r = new RemoteControlService();

                r.Url = serviceUri.ToString();

 

                // set SPN for target uri

                AuthenticationManager.CustomTargetNameDictionary.Add(

                    serviceUri.ToString(),

                    "HTTP/" + fqdn + ":16992"

                    );

 

                // set Kerberos credentials

                CredentialCache myCache = new CredentialCache();

                myCache.Add(

                        serviceUri,

                        "Negotiate",

                        new NetworkCredential(user, password, domain)

                        );

                r.Credentials = myCache;

 

                // invoke RemoteControl

                uint state;

                r.GetSystemPowerState(out state);

                System.Console.WriteLine("state = {0}", state);

            }

            catch (WebException we)

            {

                Console.WriteLine("Error: could not connect to remote host");

                Console.WriteLine(we.Message);

            }

            catch (Exception e)

            {

                Console.WriteLine(e.Message);

            }

            finally

            {

            }

    }

    }

}

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.