NegotiateStream.AuthenticateAsServer Method (NetworkCredential, ExtendedProtectionPolicy, ProtectionLevel, TokenImpersonationLevel)


Called by servers to authenticate the client, and optionally the server, in a client-server connection. The authentication process uses the specified server credentials, authentication options, and extended protection policy.

Namespace:   System.Net.Security
Assembly:  System (in System.dll)

public virtual void AuthenticateAsServer(
	NetworkCredential credential,
	ExtendedProtectionPolicy policy,
	ProtectionLevel requiredProtectionLevel,
	TokenImpersonationLevel requiredImpersonationLevel


Type: System.Net.NetworkCredential

The NetworkCredential that is used to establish the identity of the client.

Type: System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy

The ExtendedProtectionPolicy that is used for extended protection.

Type: System.Net.Security.ProtectionLevel

One of the ProtectionLevel values, indicating the security services for the stream.

Type: System.Security.Principal.TokenImpersonationLevel

One of the TokenImpersonationLevel values, indicating how the server can use the client's credentials to access resources.

Exception Condition

The CustomChannelBinding and CustomServiceNames on the extended protection policy passed in the policy parameter are both null.


credential is null.


requiredImpersonationLevel must be Identification, Impersonation, or Delegation,


The authentication failed. You can use this object to try to r-authenticate.


The authentication failed. You can use this object to retry the authentication.


Authentication has already occurred.

- or -

This stream was used previously to attempt authentication as the client. You cannot use the stream to retry authentication as the server.


Windows 95 and Windows 98 are not supported.


This object has been closed.


The policy parameter was set to Always on a platform that does not support extended protection.

If the policy parameter is null, then an extended protection policy is used that has PolicyEnforcement set to Never.

When authentication succeeds, you must check the IsEncrypted and IsSigned properties to determine what security services are used by the NegotiateStream. Check the IsMutuallyAuthenticated property to determine whether mutual authentication occurred.

This method blocks until the operation completes. To prevent blocking until the operation completes, use one of the BeginAuthenticateAsServer method overloads.

If the authentication fails, you receive an AuthenticationException or an InvalidCredentialException. In this case, you can retry the authentication with a different credential.

.NET Framework
Available since 2.0
Return to top