NegotiateStream.AuthenticateAsClientAsync Method (NetworkCredential, ChannelBinding, String, ProtectionLevel, TokenImpersonationLevel)

.NET Framework (current version)

Called by clients to authenticate the client, and optionally the server, in a client-server connection as an asynchronous operation. The authentication process uses the specified credential, authentication options, and channel binding.

Namespace:   System.Net.Security
Assembly:  System (in System.dll)

<HostProtectionAttribute(SecurityAction.LinkDemand, ExternalThreading := True)>
Public Overridable Function AuthenticateAsClientAsync (
	credential As NetworkCredential,
	binding As ChannelBinding,
	targetName As String,
	requiredProtectionLevel As ProtectionLevel,
	allowedImpersonationLevel As TokenImpersonationLevel
) As Task


Type: System.Net.NetworkCredential

The NetworkCredential that is used to establish the identity of the client.

Type: System.Security.Authentication.ExtendedProtection.ChannelBinding

The ChannelBinding that is used for extended protection.

Type: System.String

The Service Principal Name (SPN) that uniquely identifies the server to authenticate.

Type: System.Net.Security.ProtectionLevel

One of the ProtectionLevel values, indicating the security services for the stream.

Type: System.Security.Principal.TokenImpersonationLevel

One of the TokenImpersonationLevel values, indicating how the server can use the client's credentials to access resources.

Return Value

Type: System.Threading.Tasks.Task

Returns Task

The task object representing the asynchronous operation.

Exception Condition

targetName is null.

- or -

credential is null.


allowedImpersonationLevel is not a valid value.


The authentication failed. You can use this object to retry the authentication.


The authentication failed. You can use this object to retry the authentication.


Authentication has already occurred.

- or -

This stream was used previously to attempt authentication as the server. You cannot use the stream to retry authentication as the client.


This object has been closed.

Use the requiredProtectionLevel parameter to request security services for data transmitted using the authenticated stream. For example, to have the data encrypted and signed, specify the EncryptAndSign value. Successful authentication does not guarantee that the requested ProtectionLevel has been granted. You must check the IsEncrypted and IsSigned properties to determine what security services are used by the NegotiateStream.

The ChannelBinding used for extended protection that is passed to this method in the binding parameter would be retrieved by an application from TransportContext property on the associated SslStream.

If the authentication fails, you receive an AuthenticationException or an InvalidCredentialException. In this case, you can retry the authentication with a different credential.

.NET Framework
Available since 4.5
Return to top