System.Net.Mail.SmtpClient and NTLM Authentication with Exchange 2007

Question
-
Hello,
I need to use NTLM authentication with our Exchange 2007 SMTP servers, but I'm having some problems authenticating!
In detail, a user at his workstation, logged on to the domain (same as Exchange), has to be able to NTLM authenticate himself to the Exchange SMTP.
Using the System.Net.Mail.SmtpClient class, I tried setting the Credentials property in the following ways:
1) ...Credentials = new NetworkCredential(username, password, domain);
2) ...Credentials = CredentialCache.DefaultNetworkCredentials;
3) ...Credentials = System.Net.CredentialCache.DefaultCredentials.GetCredential(new Uri("smtp://server.fqdn"), "NTLM");
All fail because the SmtpClient always sends: AUTH gssapi <base64>
SMTP returns: 535 5.7.3 Authentication Unsucessfull
And now.. using the deprecated System.Web.Mail namespace, specifying NTLM authentication, all goes fine
What is going wrong here ?!? How to force AUTH ntlm ? Help please.
Thanks in advance,
Fernando Nunes
Answers
-
The AUTH GSSAPI implementation in Exchange 2007 was changed from the previous release of Exchange and, unfortunately, is no longer compatible with the implementation of AUTH GSSAPI in System.Net.Mail.SmtpClient. Additionally for security reasons System.Net.Mail.SmtpClient will not try to do AUTH NTLM if an AUTH GSSAPI attempt fails.
A fix for this issue is being planned to be released in the next release of the framework (Orcas RTM).
All replies
-
The issue I'm facing is with NTLM authentication, when the Exchange SMTP connector supports GSSAPI negotiation.
If the SMTP supports LOGIN or you can negotiate a Kerberos authentication, you're probably OK.
If you need to use NTLM authentication, you can use the System.Web.MailMessage class and on the Fields property set:
mailMessage.Fields["http://schemas.microsoft.com/cdo/configuration/smtpauthenticate"] = 2; // Sets up NTLM authentication using the credentials of the running thread
That should do it. Hope it helps.
Best regards,
Fernando Nunes
-
I have the following piece of simple code (below) which works with Exchange 2003 but now gives me the exception "5.7.3 Authentication unsuccessful" with Exchange 2007.
MailMessage message = new MailMessage(
    "administrator@extranet.trey.com",
    "administrator@extranet.trey.com",
    "Blah",
    "blah");
SmtpClient client = new SmtpClient("Exch-Server");
client.UseDefaultCredentials = false;
client.EnableSsl = false;
client.Credentials = System.Net.CredentialCache.DefaultCredentials.GetCredential(new Uri("smtp://extranetws.trey.com"), "Kerberos");
client.Send(message);
Thanks, Jeff
-
Argh, I previously posted a bad piece of code; the second from the last line was wrong, but it doesn't matter: with the change below it works on Exch 2003 but throws "5.7.3 Authentication unsuccessful" when using Exch 2007. This seems similar to the NTLM problem that was posted here. Can anyone tell me if there is something I am doing incorrectly or if there is another way to programmatically send mail with Exch 2007 with default creds?
MailMessage message = new MailMessage(
    "administrator@extranet.trey.com",
    "administrator@extranet.trey.com",
    "Blah",
    "blah");
SmtpClient client = new SmtpClient("Exch-Server");
client.UseDefaultCredentials = false;
client.EnableSsl = false;
client.Credentials = System.Net.CredentialCache.DefaultCredentials.GetCredential(new Uri("smtp://extranetws.trey.com"), "Kerberos");
client.Send(message);
Thanks, Jeff
-
If I use System.Web.Mail with the code below it also works with Exch 2003 but fails with "530 5.7.1 Client was not authenticated" when using Exch 2007
MailMessage Message = new MailMessage();
Message.To = "administrator@test.jeffspel.com";
Message.From = "administrator@test.jeffspel.com";
Message.Subject = "subject";
Message.Body = "body";
Message.Fields.Add("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate", "2");
SmtpMail.SmtpServer = "Exch-Server";
SmtpMail.Send(Message);
Anyone have any ideas?
Thanks, Jeff
-
OK, first it's better for you to:
telnet exchange_ipaddress 25
type in: EHLO <hostname of your machine>
and you should get some headers, including a 250-AUTH <authentication mechanisms>
What comes after the AUTH defines which authentication mechanisms your SMTP server allows or doesn't.
I.e.: 250-AUTH PLAIN LOGIN GSSAPI NTLM .... etc....
Are you sure your server is accepting NTLM authentication? If it accepts, I suggest you get a log from the SMTP connection and validate that System.Web.Mail is directly inputting: auth NTLM.
If it is... it can be something with your SMTP connector ?!!?!? Something wrong with the Exchange permissions for the user ?!??
- Proposed as answer by Priya Sajja Tuesday, May 17, 2011 8:00 PM
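An added example, not part of the original replies: the EHLO check described above, done in C# over a constructed sample reply. The host name, address and capability list in `SampleReply` are made up for illustration; the parser reads the `250-AUTH` lines and reports whether NTLM and GSSAPI are advertised, and whether LOGIN or PLAIN are offered together with STARTTLS.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class EhloAuthCheck
{
    // Constructed sample EHLO reply (not captured from a real server).
    const string SampleReply =
        "250-exch.example.test Hello [192.0.2.10]\r\n" +
        "250-SIZE 10485760\r\n" +
        "250-STARTTLS\r\n" +
        "250-AUTH GSSAPI NTLM LOGIN\r\n" +
        "250 8BITMIME\r\n";

    // Collects mechanisms from "250-AUTH ..." / "250 AUTH ..." lines,
    // including the legacy "AUTH=" spelling some servers also emit.
    static ISet<string> ParseAuthMechanisms(string reply, out bool startTls)
    {
        var mechs = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        startTls = false;
        foreach (var line in reply.Split(new[] { "\r\n", "\n" }, StringSplitOptions.RemoveEmptyEntries))
        {
            if (line.Length < 4 || !line.StartsWith("250", StringComparison.Ordinal)) continue;
            if (line[3] != '-' && line[3] != ' ') continue;
            string keyword = line.Substring(4).Trim();
            if (keyword.Equals("STARTTLS", StringComparison.OrdinalIgnoreCase)) startTls = true;
            if (!keyword.StartsWith("AUTH", StringComparison.OrdinalIgnoreCase)) continue;
            string rest = keyword.Substring(4);
            if (rest.Length == 0 || (rest[0] != ' ' && rest[0] != '=')) continue;
            foreach (var m in rest.Substring(1).Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries))
                mechs.Add(m);
        }
        return mechs;
    }

    static void Main()
    {
        bool startTls;
        var mechs = ParseAuthMechanisms(SampleReply, out startTls);
        Console.WriteLine("AUTH mechanisms: " + string.Join(" ", mechs.OrderBy(m => m)));
        Console.WriteLine("NTLM offered:   " + mechs.Contains("NTLM"));
        Console.WriteLine("GSSAPI offered: " + mechs.Contains("GSSAPI"));
        // PLAIN and LOGIN carry the password base64-encoded, i.e. readable on the wire without TLS.
        var cleartext = new[] { "PLAIN", "LOGIN" }.Where(m => mechs.Contains(m)).ToList();
        if (cleartext.Count > 0)
            Console.WriteLine((startTls ? "Use only after STARTTLS: " : "No STARTTLS offered; avoid: ") + string.Join(" ", cleartext));
    }
}
```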
-
Thank you for the help, Fernando. I got the System.Web.Mail code to work with Exchange 2007; I was never able to get the System.Net.Mail to work without allowing anonymous users in a receive connector.
- Proposed as answer by fatloopbe Thursday, August 14, 2008 6:04 PM
-
Larry,
The .NET Framework 2.0 Service Pack 1 ( http://support.microsoft.com/kb/945757 ) is out with numerous fixes, but none seems to be the issue we've seen.
Do we have to use the .NET Framework 3.5 in order to have proper Exchange 2007 Authentication with the System.Net.Mail.SmtpClient ?
Best regards,
Fernando Nunes
-
Here's the solution to this...
If you use the following setup in your web.config or your app.config
<system.net>
  <mailSettings>
    <smtp deliveryMethod="Network" from="abc@companyname.com">
      <network host="[server name]" port="[smtp port]" defaultCredentials="false" userName="[Domain\username]" password="[password]"/>
    </smtp>
  </mailSettings>
</system.net>
and then use your SmtpClient with nothing in the constructor and send your mail message, then you can use the System.Net.Mail namespace.
I've tried this and it works both in the web and the windows application.
- Proposed as answer by Eslam Badawy Sunday, November 7, 2010 3:39 AM