RE: Authentication through sockets

From: Stefan Schachner[MSFT] (sschac_at_online.microsoft.com)
Date: 03/15/04


Date: Mon, 15 Mar 2004 15:23:29 GMT

Manish,
Are you going to be using a tunneling protocol? VPN/IPSec/L2TP? I was
trying to get an understanding of why you would need authentication for an
FTP application, since everything is passed over the wire in clear text.
There are a number of security risks in using authentication over sockets
to an FTP server. FTP challenges for credentials only at login time; all
other authentication is "trusted" based on negotiated ports, i.e. it's prone
to man-in-the-middle attacks where a 3rd party can intercept the
communication channel and take over the FTP session, and the server wouldn't
ever rechallenge for creds, so this person would not even need to know the
creds (though they are sent in clear text, so if they had access to the
wire, they would have them anyway).

I would recommend using BITS as the client-side transfer agent; then you can
take advantage of restarts and scheduling, so you actually get more
flexibility than FTP.

For more information on using BITS...
818746 White Paper: Background Intelligent Transfer Service in Windows
Server
http://support.microsoft.com/?id=818746

In conclusion, the traffic will not be secure unless you are using a
tunneling protocol. At this point there is no difference between prompting
the user and not prompting at the proxy; anyone with a 3rd party tool can
intercept the connection. So at this point I would recommend using BITS...

I hope this makes sense...

Thanks
Stefan

--------------------
>>Thread-Topic: Authentication through sockets
>>From: "Manish Buttan" <Manish@ccipl.com>
>>Subject: RE: Authentication through sockets
>>Date: Thu, 11 Mar 2004 22:16:07 -0800
>>Newsgroups: microsoft.public.dotnet.distributed_apps
>>
>>Hi Stefan,
I am writing an FTP client application in C#.
My problem is connecting to my FTP server across an authenticated proxy
server, i.e. my application is behind an authenticated proxy server and the
FTP server is directly on the web.
My application uses the dotnet Socket class to connect to the proxy and then
to my FTP server, and works if the proxy is not authenticated.
The call to the socket's Connect method gives a response "User Invalid"
when the proxy requires authentication while connecting to the proxy.
The Socket class does not provide any methods/properties to assign any
authentication parameters.
So how can I pass authentication credentials to the proxy?

Thanks,

Manish.

>>

Stefan Schachner
Microsoft Community Tech Lead
This posting is provided “AS IS” with no warranties, and
confers no rights.
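
Added example (not part of the original thread or of Stefan's post): a Python check over a constructed plaintext FTP control-channel transcript, showing the two points made in the reply, that the credentials are readable on the wire and that the server challenges only at login. The AUTH/234 handling (FTP over TLS, RFC 4217), the function name and all sample values are assumptions of this example.

```python
# Constructed sample transcript (not a real capture). "C:" = client, "S:" = server.
SAMPLE = """\
S: 220 ftp.example.test ready
C: USER manish
S: 331 Password required
C: PASS s3cret-constructed
S: 230 Login successful
C: PORT 192,0,2,10,19,137
S: 200 PORT command successful
C: RETR payroll.csv
S: 226 Transfer complete
C: QUIT
"""

def audit_ftp_control(transcript):
    """Summarise credential exposure in one FTP control session."""
    report = {
        "protected_by_auth_tls": False,  # AUTH accepted (234) before USER
        "cleartext_user": None,          # user name readable on the wire
        "cleartext_password": False,     # PASS seen in the clear (value not kept)
        "challenges_before_login": 0,    # 331/332 replies before the 230
        "challenges_after_login": 0,     # 331/332 replies after the 230
        "commands_after_login": [],      # verbs accepted on the session
    }
    logged_in = auth_requested = False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        verb, _, arg = text.strip().partition(" ")
        if side == "C":
            verb = verb.upper()
            if verb == "AUTH":
                auth_requested = True
            elif verb == "USER":
                report["cleartext_user"] = arg
            elif verb == "PASS":
                report["cleartext_password"] = True
            elif logged_in and verb != "QUIT":
                report["commands_after_login"].append(verb)
        elif side == "S":
            code = verb[:3]
            if code == "234" and auth_requested:
                report["protected_by_auth_tls"] = True
                break  # everything after this reply is encrypted on the wire
            if code in ("331", "332"):
                key = "challenges_after_login" if logged_in else "challenges_before_login"
                report[key] += 1
            elif code == "230":
                logged_in = True
    return report
```

On the sample, the report shows one challenge before login, none afterwards, and two commands (PORT, RETR) accepted on the strength of the original login alone.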

