Stack Overflow
Stack Overflow

Questions tagged [sspi]

Use for questions having to do with the Security Support Provider Interface (SSPI) API.

The Security Support Provider Interface () is a Microsoft Windows API used to perform security-related operations such as authentication. It is implemented as a a dynamic-link library (DLL) supplied with the operating system. SSPI is the means by which the operating system loads SSPs (Security Support Providers), such as Kerberos and NTLM, when the system boots. The SSPI is the implementation of the Generic Security Service API () in Windows.

This article, while dated, is a good primer on : Logon and Authentication Technologies

214 questions
7
votes
1 answer

NTLM Authorization in Perl

I am trying to implement NTLM authorisation for a web server written in Perl (or perhaps an XS module). My understanding is that it should work in the following way: c -> s: GET s -> c: 401, WWW-Authenticate: NTLM c -> s: GET, Authorization: NTLM…
jawr
  • 827
  • 1
  • 7
  • 14
6
votes
2 answers

DTLS using Schannel

I am trying to create a DTLS "connection" using Schannel under Windows (I am testing under recent Windows 10 version, so all DTLS versions supported by Schannel should be available) I tried starting from working code to establish a regular TLS…
fbrosseau
  • 374
  • 3
  • 9
6
votes
1 answer

AcceptSecurityContext fails when application is running as a service

I have a simple HTTP server that authenticates clients with Negotiate protocol. It uses SSPI calls to acquire server credentials and establish security context. The server is in domain and is running on behalf of the domain user. Everything works…
username
  • 3,378
  • 5
  • 44
  • 75
6
votes
3 answers

How does SPN with Kerberos works

As I understand it, SPN is an authenticating tool for windows services. Kerberos is a user authentication service SPNEGO-GSSAPI is the third party API to be able to use those services. SSPI : is the Neutral layer to send request from SPNEGO to…
Jonathan L
  • 73
  • 1
  • 1
  • 4
6
votes
4 answers

Compilable C++ code to implement a secure SLL/TLS client using MS SSPI

As described here http://www.ddj.com/cpp/184401688 I do not have time to write this from scratch. Asked and not answered https://stackoverflow.com/questions/434961/implementing-ssl THE QUESTION IS: I am looking for some compilable working source…
Mike Trader
  • 8,564
  • 13
  • 55
  • 66
5
votes
2 answers

SetSPN unable to locate account

I have SQL Server 2014 installed on a Windows Server 2012 R2, which is also an AD DC. When I try to connect to it using SQL Server Management Studio (SSMS) from a client desktop on the same local domain, I got this error message: The target…
Zhang18
  • 4,800
  • 10
  • 50
  • 67
5
votes
1 answer

Node in Corporative Environment with NODESSPI

I developed a NODE API to serve data to Angular app. The original idea is to use NODESSPI for integrated authentication as we plan to run this on a corporative environment. CORS will be needed as the API Node will be hosted on a different…
Marcelo Gonella
  • 133
  • 2
  • 9
5
votes
2 answers

How to use Python requests to perform NTLM SSPI authentication?

My goal is to authenticate my client that uses the requests library (2.11.1) in Python 3.5.2 through NTLM with SSPI so that the user does not have to manually enter her domain credentials (used to login to the PC). I have found the following…
R01k
  • 735
  • 3
  • 12
  • 26
5
votes
2 answers

How to get Service Token from Kerberos using SSPI

Objective: I am trying to build Proof Of Concept client app to implement Single Sign On by using SSPI. I am new to C# and I am getting confused. What I know and have done so far: All users are part of Active Directory domain, so I know Kerberos is…
Furkat Kholmatov
  • 338
  • 1
  • 3
  • 8
5
votes
1 answer

Can't connect to the SSL server that use only ephemeral ciphersuites (The Local Security Authority cannot be contacted)

I'm trying to connect to the test server started with openssl (this limited ciphersuite combination is intended): openssl s_server -accept 443 -www -tls1_2 -cipher ECDHE:DHE:EDH -cert selfsignedcert.pem -key sskey.pem The code I use is similar to…
savageBum
  • 282
  • 1
  • 4
  • 11
5
votes
4 answers

Exception on SslStream.AuthenticateAsClient (The message was badly formatted)

I have got wierd problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root…
Noms
  • 61
  • 1
  • 1
  • 3
5
votes
1 answer

Kerberos authentication with SSPI

Note: I manage to make some progress, see the edit for my current question, thanks. I would like to use libcurl on Windows to access websites with a Kerberos/GSSAPI authentication. I first tried to work it out with MIT Kerberos, but I also require…
adaigle
  • 101
  • 1
  • 8
4
votes
1 answer

TLS Handshake process by InitializeSecurityContext (Schannel)

I have to implement an TLS handshake process using the SSPI interface. My app implements the client side, and as I saw from here the general flow is: InitializeSecurityContext - first call return a pointer to a SecBufferDesc structure. Call to…
RRR
  • 3,937
  • 13
  • 51
  • 75
4
votes
2 answers

LogonUser returns true for a disabled account

i am calling LogonUser to try to validate a set of credentials: LogonUser("forest", "avatopia.com" "stapler", LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_WINNT50, out token); And it returns true, even though the account is disabled: i also…
Ian Boyd
  • 246,734
  • 253
  • 869
  • 1,219
4
votes
0 answers

.NET/MYSQL RDS: Intermittent Issue A call to SSPI failed, see inner exception, he message or signature supplied for verification has been altered

Seeing this error seemingly randomly (never been able to recreate): Intermittent A call to SSPI failed, see inner exception, he message or signature supplied for verification has been altered .net 4.5 connecting to MYSQL 5.7.21 on RDS. Is this an…
YouCantGetThereFromHere
  • 41
  • 4
1
2
3
14 15