Reputation: 53
What type of authentication is System.Net.Mail.SmtpClient using when sending emails?
Hopefully this question makes sense. I have some C# code that sends an email message given the username, password, and domain. How do I know what type of authentication it's using?
When I looked at the MSDN page for SmtpClient.Credentials Property it said that if you use basic authentication then credentials are sent over as plain text. Is the below code using basic authentication? MSDN page: https://msdn.microsoft.com/en-us/library/system.net.mail.smtpclient.credentials(v=vs.110).aspx
SmtpClient smtpClient = new SmtpClient();
NetworkCredential cred = new NetworkCredential("username", "password");
MailMessage message = new MailMessage();
MailAddress fromEmail = new MailAddress("[email protected]");
smtpClient.Host = "mail.mydomain.com";
smtpClient.UseDefaultCredentials = false;
smtpClient.Credentials = cred;
message.From = fromEmail;
message.Subject = "my subject";
message.IsBodyHtml = true;
message.Body = "hello world!";
message.To.Add("[email protected]");
smtpClient.Send(message);
Upvotes: 5
Views: 7840
Answers (2)
Reputation: 28355
This method will use basic authentification and will send the code via unsecure channel. This is because:
The
SmtpClientclass only supports the SMTP Service Extension for Secure SMTP over Transport Layer Security as defined in RFC 3207. In this mode, the SMTP session begins on an unencrypted channel, then a STARTTLS command is issued by the client to the server to switch to secure communication using SSL. See RFC 3207 published by the Internet Engineering Task Force (IETF) for more information.
You can use the SSL for such situations:
The
EnableSslproperty specifies whether SSL is used to access the specified SMTP mail server.
Also please note that
You can use ClientCertificates to specify which client certificates should be used to establish the SSL connection. The ServerCertificateValidationCallback allows you to reject the certificate provided by the SMTP server. The SecurityProtocol property allows you to specify the version of the SSL protocol to use.
Upvotes: 1
Reputation: 1146
Typically SmtpClient will alway pick the "best" available authentication method (the SMTP server will tell the in the answer to the EHLO command). So we can't really answer without knowing what the server actually supports.
SmtpClient can choose from following methods: Negotiate, NTLM, Digest and Login
Here's some interesting reading about how to force SmtpClient to use a specific authentication method (slightly hack-ish btw.): http://blogs.msdn.com/b/knom/archive/2008/04/16/hacking-system-net-mail-smtpclient.aspx
Upvotes: 2
Related Questions
- How can I make SMTP authenticated in C#
- Cannot connect to smtp server that requires authentication
- How to validate smtp credentials before sending mail?
- Authenticating with a non-compliant SMTP server
- .net smtpclient password secure
- smtp server requires authentication but I believe it already has it
- SmtpClient sending without authentication
- Sending Authenticated SMTP Using C#
- C# SMTP mail sending usually fails due to lack of credentials?
- SMTP authentication with .NET fails