This documentation is archived and is not being maintained.

AuthenticationTypes Enumeration

Specifies the types of authentication used in System.DirectoryServices.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

[Visual Basic]
Public Enum AuthenticationTypes
public enum AuthenticationTypes
__value public enum AuthenticationTypes
enum AuthenticationTypes


The Secure flag can be used in combination with other flags such as ReadonlyServer, FastBind, and so on.

Serverless binding refers to a process in which a client attempts to bind to an Active Directory object without explicitly specifying an Active Directory server in the binding string, forexample,LDAP://CN=jsmith,DC=fabrikam,DC=Com. This is possible because the Lightweight Directory Access Protocol (LDAP) provider relies on the locator services of Windows 2000 to find the best domain controller (DC) for the client. However, the client must have an account on the Active Directory domain controller in order to take advantage of the serverless binding feature, and the domain controller used by a serverless bind will always be located in the default domain (the domain associated with the current security context of the thread that's doing the binding).

Note   None of these options are supported by the Novell Netware Directory Service (NDS) system provider.


Member name Description Value
Anonymous No authentication is performed. The providers may attempt to bind a client as an anonymous user to the targeted object. The WinNT provider does not support this flag. Active Directory establishes a connection between the client and the targeted object, but does not perform any authentication. Setting this flag amounts to requesting an unsecured binding, which means "Everyone" as the security context. 16
Delegation Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains. 256
Encryption Forces ADSI to use encryption for data that is being exchanged over the network. 2
FastBind ADSI does not attempt to query the Active Directory objectClass property and thus only exposes the base interfaces supported by all ADSI objects instead of the full object support. A user can use this option to boost the performance in a series of object manipulations that involve only methods of the base interfaces. However, ADSI does not verify if any of the request objects actually exist on the server. For more information, see "Fast Binding Options for Batch Write/Modify Operations" in the Active Directory Programmer's Guide. 32
None Equates to a null reference (Nothing in Visual Basic). 0
ReadonlyServer For a WinNT provider, ADSI tries to connect to a primary domain controller (PDC) or a backup domain controller (BDC). For Active Directory, this flag indicates that a writable server is not required for a serverless binding. 4
Sealing Encrypts data using Kerberos. The Secure flag must also be set to use sealing. 128
Secure Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread is impersonating. 1
SecureSocketsLayer Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption. 2
ServerBind If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic. 512
Signing Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing. 64


Namespace: System.DirectoryServices

Platforms: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 family

Assembly: System.Directoryservices (in System.Directoryservices.dll)

See Also

System.DirectoryServices Namespace | DirectoryEntry | DirectorySearcher | SearchResult