WindowsClientCredential.AllowNtlm Property


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Note: This API is now obsolete.

Gets or sets a value that indicates whether NTLM authentication should be allowed as Windows SSPI Negotiate authentication.

Namespace:   System.ServiceModel.Security
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

[ObsoleteAttribute("This property is deprecated and is maintained for backward compatibility only. The local machine policy will be used to determine if NTLM should be used.")]
public bool AllowNtlm { get; set; }

Property Value

Type: System.Boolean

true if NTLM authentication should be allowed as Windows SSPI Negotiate authentication, false otherwise. The default is true.

Setting this property to true allows authentication to downgrade to NTLM if Kerberos is not available.

Setting this property to false causes Windows Communication Foundation (WCF) to make a best-effort to throw an exception if NTLM is used. Note that setting this property to false may not prevent NTLM credentials from being sent over the wire.

Certain deployments such as workgroups and local accounts require NTLM authentication. Setting this flag to false in such deployments result in authentication failures when using WCF. In a deployment that requires mutual authentication (only supported by Kerberos), set this flag to false.

NTLM (Windows NT LAN Manager) is the authentication protocol used on networks that include systems running the Windows NT operating system, and on stand-alone systems.

The Microsoft Kerberos security package adds greater security than NTLM to systems on a network. Although Microsoft Kerberos is the protocol of choice, NTLM is still supported and must be used for network authentication if the network includes systems running versions of Windows NT 4.0 and earlier, and on stand-alone systems.

.NET Framework
Available since 3.0
Return to top