1
votes

I have a program I'm working on trying to find out how I could do this. Currently I'm using System.Net.Mail to send SMTP messages. Our SMTP server (Office 365) requires authentication to send outgoing mail. Our Office 365 is paired to our domain with single sign-on and AD, so our credentials are synced with Microsoft Office 365. How can I use the Kerberos tokens to send mail without having to put NetworkCredential basicCredential = new NetworkCredential(username, password) in plain text? Is this even possible?

Currently sending mail via

    NetworkCredential basicCredential = new NetworkCredential("<<username>>", strPassword);
    client.Credentials = basicCredential;
    client.EnableSsl = true;
    client.Send(message);

Basically I want the app to take my Windows username and password and send the messages.

Thanks

1
I'm confused on where you are getting stuck. You've stated 'currently sending email', as in it already works? What doesn't work, or what needs to change? - William Holroyd
It's going to be a work app for other employees in the department, not just for me. So it would need to be able to look up the credentials of the individual users. - Brian Weaver
So your goal is to use the credentials of a currently logged in user to send the emails this program wants to send? - William Holroyd
Yes. And I have already tried DefaultCredentials and DefaultNetworkCredentials - Brian Weaver
Were you still trying to use client.Credentials when using DefaultCredentials? - William Holroyd

1 Answer

0
votes

I'm not aware of your technical background, so stepping back in regards to the comment about plain text passwords and usage of Kerberos...

When it comes to authenticating with SMTP servers, Kerberos is not used at all. Kerberos means both the client and the server communicate with the Active Directory controller for authentication. Kerberos is not part of the SMTP specification, but SMTP servers can validate using Active Directory similar to how NTLM works (the server is the only one who talks to AD).

So long as you are using SSL to send the email, you should be fine. It doesn't matter if the credentials are plain text in the payload so long as the transport is secure. If you run into issues connecting to Office365 because of TLS (you get a 5.7.1 error), you can try this just before client.Send()...

    client.TargetName = "STARTTLS/smtp.office365.com";

If you are trying to use the currently logged in user's credentials, the "UseDefaultCredentials = true" should work so long as you're not setting Credentials. You could use both, but the order of their usage could reset the other.
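The ordering caveat in the answer's last paragraph, as an added C# example that is not part of the original answer: it assigns `Credentials` and `UseDefaultCredentials` in different orders and reports which credential source the client ends up holding, without opening a connection. Port 587, the constructed credential strings and the class and method names are assumptions made for the illustration.

```csharp
using System;
using System.Net;
using System.Net.Mail;

static class SmtpCredentialOrder
{
    // Reports which credential source the client currently holds.
    static string Describe(SmtpClient c)
    {
        if (c.UseDefaultCredentials) return "logged-in user's default credentials";
        return c.Credentials == null ? "no credentials" : "explicit NetworkCredential";
    }

    // Hypothetical helper: a client for the logged-in user that never assigns
    // Credentials, so no password has to appear in source or configuration.
    static SmtpClient ForCurrentUser(string host, int port)
    {
        var c = new SmtpClient(host, port);
        c.EnableSsl = true;
        c.UseDefaultCredentials = true;
        c.TargetName = "STARTTLS/" + host; // setting suggested in the answer
        return c;
    }

    static void Main()
    {
        const string host = "smtp.office365.com"; // host named in the answer
        const int port = 587;                     // assumption: submission port
        // Constructed placeholder values, only used to show the property interaction.
        var explicitCred = new NetworkCredential("constructed-user", "constructed-password");

        // Both setters write the same underlying credential slot, so the last one wins.
        using (var a = new SmtpClient(host, port))
        {
            a.Credentials = explicitCred;
            a.UseDefaultCredentials = true;   // replaces the explicit credential
            Console.WriteLine("Credentials, then flag=true : " + Describe(a));
        }
        using (var b = new SmtpClient(host, port))
        {
            b.UseDefaultCredentials = true;
            b.Credentials = explicitCred;     // replaces the default credentials
            Console.WriteLine("flag=true, then Credentials : " + Describe(b));
        }
        using (var c = new SmtpClient(host, port))
        {
            c.Credentials = explicitCred;
            c.UseDefaultCredentials = false;  // the setter also overwrites on false
            Console.WriteLine("Credentials, then flag=false: " + Describe(c));
        }
        using (var d = ForCurrentUser(host, port))
            Console.WriteLine("ForCurrentUser helper       : " + Describe(d));
    }
}
```

Calling `Describe` just before `Send` is a cheap way to confirm that a later assignment has not silently switched the client to a different credential source.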