System.Net.Mail.SmtpClient and NTLM Authentication with Exchange 2007

Question

Hello,

 

I need to use NTLM authentication with our Exchange 2007 SMTP Servers, but i'm having some problems authenticating !

In detail, a user, at his workstation, and logged on the domain (same as Exchange) to be able to NTLM authenticate himself to the Exchange SMTP.

 

Using the System.Net.Mail.SmtpClient class, i tryed setting the Credentials property in the following ways:

 

1) ...Credentials = new NetworkCredential(username, password, domain);

2) ...Credentials = CredentialCache.DefaultNetworkCredentials;

3) ...Credentials = System.Net.CredentialCache.DefaultCredentials.GetCredential(new Uri("smtp://server.fqdn"), "NTLM");

 

All fail because the SmtpClient always sends: AUTH gssapi <base64>

SMTP returns: 535 5.7.3 Authentication Unsucessfull

 

And now.. using the deprecated System.Web.Mail namespace, specifying NTLM authentication, all goes fine

 

What is going wrong here ?!? How to force AUTH ntlm ? Help please.

 

Thanks in advance,

Fernando Nunes

Answer 1

The AUTH GSSAPI implementation in Exchange 2007 was changed from the previous release of Exchange and, unfortunately, is no longer compatible with the implementation of AUTH GSSAPI in System.Net.Mail.SmtpClient.   Additionally for security reasons System.Net.Mail.SmtpClient will not try to do AUTH NTLM if an AUTH GSSAPI attempt fails.

 

A fix for this issue is being planned to be released in the next release of the framework (Orcas RTM).

Answer 2

Well i'll have to manage with what i can at the moment.

 

Thank you for the explanation Larry.

 

Best regards,

Fernando Nunes

Answer 3

So are there any ways to programatically send mail with default credentials (I don't want a prompt for creds and I can't store the password) when the mail server is Exchange 2007?  System.Web.Mail.MailMessage seems to want a password.

Answer 4

The issue i'm facing it is with NTLM authentication, and when Exchange SMTP connector supports GSSAPI negotiation.

If the SMTP supports LOGIN or you can negotiate a Kerberos authentication probably you're ok.

If you need to use NTLM authentication, uou can use the System.Web.MailMessage class and on the Fields property set:

 

mailMessage.Fields["http://schemas.microsoft.com/cdo/configuration/smtpauthenticate"] = 2; // Sets up NTLM authentication using the credentials of the running thread

 

That should do it. Hope it helps.

 

Best regards,

Fernando Nunes

Answer 5

I have the following piece of simple code (below) which works with Exchange 2003 but now gives me the exception "5.7.3 Authentication unsuccessful" with Exchange 2007.

 

            MailMessage message = new MailMessage(
                   "administrator@extranet.trey.com",
                   "administrator@extranet.trey.com",
                   "Blah",
                   "blah");

           SmtpClient client = new SmtpClient("Exch-Server");

            client.UseDefaultCredentials = false;
            client.EnableSsl = false;
            client.Credentials = System.Net.CredentialCache.DefaultCredentials.GetCredential(new Uri("smtp://extranetws.trey.com"), "Kerberos");
            client.Send(message);

 

Thanks, Jeff

Answer 6

Argh I previously posted a bad piece of code the second from the last line was wrong but it doesn't matter with the change below it works on Exch 2003 but throws "5.7.3 Authentication unsuccessful" when using Exch 2007.  This seems similar to the NTLM problem that was posted here.  Can anyone tell me if there is something I am doing incorrectly or if there is another way to programmatically send mail with Exch 2007 with default creds.

 

          MailMessage message = new MailMessage(
                   "administrator@extranet.trey.com",
                   "administrator@extranet.trey.com",
                   "Blah",
                   "blah");

           SmtpClient client = new SmtpClient("Exch-Server");

            client.UseDefaultCredentials = false;
            client.EnableSsl = false;
            client.Credentials = System.Net.CredentialCache.DefaultCredentials.GetCredential(new Uri("smtp://extranetws.trey.com"), "Kerberos");
            client.Send(message);

 

Thanks, Jeff

Answer 7

If I use System.Web.Mail with the code below it also works with Exch 2003 but fails with "530 5.7.1 Client was not authenticated" when using Exch 2007

 

              MailMessage Message = new MailMessage();
               Message.To = "administrator@test.jeffspel.com";
               Message.From = "administrator@test.jeffspel.com";
               Message.Subject = "subject";
               Message.Body = "body";
               Message.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate", "2");
               SmtpMail.SmtpServer = "Exch-Server";
               SmtpMail.Send(Message);

 

Anyone have any ideas?

Thanks, Jeff

Answer 8

Ok, first its better for you to:

 

telnet exchange_ipaddress 25

 

type in: EHLO <hostname of your machine>

 

and you should get some headers, including a 250-AUTH <authentication mechanisms>

 

What comes after the AUTH defines which authentication mechanisms your smtp server allows or doesn't.

I.e: 250-AUTH PLAIN LOGIN GSSAPI NTLM .... etc....

 

Are you sure your server is accepting NTLM authentication ? If it accepts, i suggest you get a log from the smtp connection and validate that System.Web.Mail is directly inputing: auth NTLM.

 

If it is... it can be something with your smtp conector ?!!?!? Something wrong with the exchange permissions for the user ?!??

Answer 9

Thank you for the help Fernando.  I got the System.Web.Mail code to work with Exchange 2007, I was never able to get the System.Net.Mail to work without allowing anonymous users in a receive connector.

Answer 10

Larry,

 

The .NET Framework 2.0 Service Pack 1 ( http://support.microsoft.com/kb/945757 ) is out with numerous fixes, but none seems to be the issue we've seen.

 

Do we have to use the .NET Framework 3.5 in order to have proper Exchange 2007 Authentication with the System.Net.Mail.SmtpClient ?

 

Best regards,

Fernando Nunes

Answer 11

Here's the solution to this...

If you use the following setup in your web.config or your app.config

Code Snippet

    <system.net>
        <mailSettings>
            <smtp deliveryMethod="Network" from="abc@companyname.com">
                <network host="[server name]" port="[smtp port]" defaultCredentials="false" userName="[Domain\username]" password="[password]"/>
            </smtp>
        </mailSettings>
    </system.net>

and then use your SmtpClient with nothing in the constructor and send your mail message, then you can use the System.Net.Mail namespace.

I've tried this and it works both in the web and the windows application.