Ntlm C# Reference Documentation

Ntlm

Current Version: 10.0.0

API for implemeting both client and server sides of the NTLM protocol/algorithm. The Chilkat NTLM API is included as part of the "Chilkat Crypt" license.

Object Creation

Chilkat.Ntlm obj = new Chilkat.Ntlm();

Properties

ClientChallenge
public string ClientChallenge {get; set; }

The ClientChallenge is passed in the Type 3 message from the client to the server. It must contain exactly 8 bytes. Because this is a string property, the bytes are get/set in encoded form (such as hex or base64) based on the value of the EncodingMode property. For example, if the EncodingMode property = "hex", then a hex representation of 8 bytes should be used to set the ClientChallenge.

Note: Setting the ClientChallenge is optional. If the ClientChallenge remains unset, it will be automatically set to 8 random bytes when the GenType3 method is called.

top
DebugLogFilePath
public string DebugLogFilePath {get; set; }

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

top
DnsComputerName
public string DnsComputerName {get; set; }

Optional. This is information that would be set by the server for inclusion in the "Target Info" internal portion of the Type 2 message. Note: If any optional "Target Info" fields are provided, then both NetBiosComputerName and NetBiosDomainName must be provided.

top
DnsDomainName
public string DnsDomainName {get; set; }

Optional. This is information that would be set by the server for inclusion in the "Target Info" internal portion of the Type 2 message. Note: If any optional "Target Info" fields are provided, then both NetBiosComputerName and NetBiosDomainName must be provided.

top
Domain
public string Domain {get; set; }

Optional. May be set by the client for inclusion in the Type 1 message.

top
EncodingMode
public string EncodingMode {get; set; }

Determines the encoding mode used for getting/setting various properties, such as ClientChallenge. The valid case-insensitive modes are "Base64", "modBase64", "Base32", "UU", "QP" (for quoted-printable), "URL" (for url-encoding), "Hex", "Q", "B", "url_oath", "url_rfc1738", "url_rfc2396", and "url_rfc3986".

top
Flags
public string Flags {get; set; }

The negotiate flags that are set in the Type 1 message generated by the client and sent to the server. These flags have a default value and should ONLY be set by a programmer that is an expert in the NTLM protocol and knows what they mean. In general, this property should be left at it's default value.

The flags are represented as a string of letters, where each letter represents a bit. The full set of possible flags (bit values) are shown below:

NegotiateUnicode               0x00000001
NegotiateOEM                   0x00000002
RequestTarget                  0x00000004
NegotiateSign                  0x00000010
NegotiateSeal                  0x00000020
NegotiateDatagramStyle         0x00000040
NegotiateLanManagerKey         0x00000080
NegotiateNetware               0x00000100
NegotiateNTLMKey               0x00000200
NegotiateDomainSupplied        0x00001000
NegotiateWorkstationSupplied   0x00002000
NegotiateLocalCall             0x00004000
NegotiateAlwaysSign            0x00008000
TargetTypeDomain               0x00010000
TargetTypeServer               0x00020000
TargetTypeShare                0x00040000
NegotiateNTLM2Key              0x00080000
RequestInitResponse            0x00100000
RequestAcceptResponse          0x00200000
RequestNonNTSessionKey         0x00400000
NegotiateTargetInfo            0x00800000
Negotiate128                   0x20000000
NegotiateKeyExchange           0x40000000
Negotiate56                    0x80000000
The mapping of letters to bit values are as follows:
0x01 - "A"
0x02 - "B"
0x04 - "C"
0x10 - "D"
0x20 - "E"
0x40 - "F"
0x80 - "G"
0x200 - "H"
0x400 - "I"
0x800 - "J"
0x1000 - "K"
0x2000 - "L"
0x8000 - "M"
0x10000 - "N"
0x20000 - "O"
0x40000 - "P"
0x80000 - "Q"
0x100000 - "R"
0x400000 - "S"
0x800000 - "T"
0x2000000 - "U"
0x20000000 - "V"
0x40000000 - "W"
0x80000000 - "X"
The default Flags value has the following flags set: NegotiateUnicode, NegotiateOEM, RequestTarget, NegotiateNTLMKey, NegotiateAlwaysSign, NegotiateNTLM2Key. The corresponds to the string "ABCHMQ".

top
LastErrorHtml
public string LastErrorHtml {get; }

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastErrorText
public string LastErrorText {get; }

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastErrorXml
public string LastErrorXml {get; }

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastMethodSuccess
public bool LastMethodSuccess {get; set; }

Indicate whether the last method call succeeded or failed. A value of true indicates success, a value of false indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = true and failure = false.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to true. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

top
NetBiosComputerName
public string NetBiosComputerName {get; set; }

Optional. This is information that would be set by the server for inclusion in the "Target Info" internal portion of the Type 2 message. Note: If any optional "Target Info" fields are provided, then both NetBiosComputerName and NetBiosDomainName must be provided.

top
NetBiosDomainName
public string NetBiosDomainName {get; set; }

Optional. This is information that would be set by the server for inclusion in the "Target Info" internal portion of the Type 2 message. Note: If any optional "Target Info" fields are provided, then both NetBiosComputerName and NetBiosDomainName must be provided.

top
NtlmVersion
public int NtlmVersion {get; set; }

The version of the NTLM protocol to be used. Must be set to either 1 or 2. The default value is 1 (for NTLMv1). Setting this property equal to 2 selects NTLMv2.

top
OemCodePage
public int OemCodePage {get; set; }

If the "A" flag is unset, then Unicode strings are not used internally in the NTLM messages. Strings are instead represented using the OEM code page (i.e. charset, or character encoding) as specified here. In general, given that the Flags property should rarely be modified, and given that the "A" flag is set by default (meaning that Unicode is used), the OemCodePage property will not apply. The default value is the default OEM code page of the local computer.

top
Password
public string Password {get; set; }

The password corresponding to the username of the account to be authenticated. This must be set by the client prior to generating and sending the Type 3 message.

top
ServerChallenge
public string ServerChallenge {get; set; }

This is similar to the ClientChallenge in that it must contain 8 bytes.

The ServerChallenge is passed in the Type 2 message from the server to the client. Because this is a string property, the bytes are get/set in encoded form (such as hex or base64) based on the value of the EncodingMode property. For example, if the EncodingMode property = "hex", then a hex representation of 8 bytes should be used to set the ServerChallenge.

Note: Setting the ServerChallenge is optional. If the ServerChallenge remains unset, it will be automatically set to 8 random bytes when the GenType2 method is called.

top
TargetName
public string TargetName {get; set; }

The authentication realm in which the authenticating account has membership, such as a domain for domain accounts, or a server name for local machine accounts. The TargetName is used in the Type2 message sent from the server to the client.

top
UserName
public string UserName {get; set; }

The username of the account to be authenticated. This must be set by the client prior to generating and sending the Type 3 message.

top
VerboseLogging
public bool VerboseLogging {get; set; }

If set to true, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is false. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

top
Version
public string Version {get; }

Version of the component/library, such as "9.5.0.94"

top
Workstation
public string Workstation {get; set; }

The value to be used in the optional workstation field in Type 1 message.

top

Methods

CompareType3
public bool CompareType3(string msg1, string msg2);

Compares the internal contents of two Type3 messages to verify that the LM and NTLM response parts match. A server would typically compute the Type3 message by calling GenType3, and then compare it with the Type3 message received from the client. The method returns true if the responses match, and false if they do not.

top
GenType1
public string GenType1();

Generates the Type 1 message. The Type 1 message is sent from Client to Server and initiates the NTLM authentication exchange.

Returns null on failure

top
GenType2
public string GenType2(string type1Msg);

Generates a Type2 message from a received Type1 message. The server-side generates the Type2 message and sends it to the client. This is the 2nd step in the NTLM protocol. The 1st step is the client generating the initial Type1 message which is sent to the server.

Returns null on failure

top
GenType3
public string GenType3(string type2Msg);

Generates the final message in the NTLM authentication exchange. This message is sent from the client to the server. The Type 2 message received from the server is passed to GenType3. The Username and Password properties are finally used here in the generation of the Type 3 message. Note, the Password is never actually sent. It is used to compute a binary response that the server can then check, using the password it has on file, to verify that indeed the client must've used the correct password.

Returns null on failure

top
LoadType3
public bool LoadType3(string type3Msg);

The server-side should call this method with the Type 3 message received from the client. The LoadType3 method sets the following properties: Username, Domain, Workstation, and ClientChallenge, all of which are embedded within the Type 3 message.

The server-side code may then use the Username to lookup the associated password and then it will itself call the GenType3 method to do the same computation as done by the client. The server then compares it's computed Type 3 message with the Type 3 message received from the client. If the Type 3 messages are exactly the same, then it must be that the client used the correct password, and therefore the client authentication is successful.

Returns true for success, false for failure.

top
ParseType1
public string ParseType1(string type1Msg);

For informational purposes only. Allows for the server-side to parse a Type 1 message to get human-readable information about the contents.

Returns null on failure

top
ParseType2
public string ParseType2(string type2Msg);

For informational purposes only. Allows for the client-side to parse a Type 2 message to get human-readable information about the contents.

Returns null on failure

top
ParseType3
public string ParseType3(string type3Msg);

For informational purposes only. Allows for the server-side to parse a Type 3 message to get human-readable information about the contents.

Returns null on failure

top
SetFlag
public bool SetFlag(string flagLetter, bool onOrOff);

Sets one of the negotiate flags to be used in the Type 1 message sent by the client. It should normally be unnecessary to modify the default flag settings. For more information about flags, see the description for the Flags property above.

Returns true for success, false for failure.

top