2.0 smtpclient permission mystery

Daniel Billingsley

I have an application that has been sending email alerts successfully for a
few months. Now it has stopped.

My investigation has taken me to some kind of permission issue.

Test #1 - If I use the smtpclient with the defaultCredentials=true option in
the configuration file I get a timeout when I try to perform the send
method.

Test #2 - If I explicitly give it the same credentials with which I am
logged in when I perform test #1, it works perfectly.

What could be going on?
 
Luke Zhang [MSFT]

Hello Daniel,

Is the application a windows form application or a windows service running
under other user account?

Here is a sample to use default Credential sending emails:


SmtpClient client = new SmtpClient(server, port);
client.Credentials = CredentialCache.DefaultNetworkCredentials;
client.Send(message);

Is this similar to your code? If so, you may check the value of
CredentialCache.DefaultNetworkCredentials. Is it correct (the same as your
current logon user account)?

Regards,

Luke Zhang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
Daniel Billingsley

It is a windows forms application.

My code is just:

SmtpClient client = new SmtpClient();
client.Timeout = 5000;
client.Send(_message);

And in the app.config:
<mailSettings>
<smtp deliveryMethod="Network">
<network host="192.168.20.13" port="25" defaultCredentials="true"/>
</smtp>
</mailSettings>

If I add
client.Credentials = new System.Net.NetworkCredential("name", "password", "domain");

into the code then it works, even using the credentials identical to what I
used to log in.
 
Luke Zhang [MSFT]

If you add the code like:

client.Credentials = CredentialCache.DefaultNetworkCredentials;

instead of

client.Credentials = new System.Net.NetworkCredential("name", "password", "domain");

Will it fail or work? If it fails, you may check the value of
CredentialCache.DefaultNetworkCredentials. Is it the correct value?

Regards,

Luke Zhang
Microsoft Online Community Support

 
Daniel Billingsley

Ok, this is bizarre.

When I add that code and examine with the debugger I find that the Domain,
UserName and Password properties are blank.

Here's where things get weird. This code is actually part of an alerting
mechanism for two services running on my laptop. Both services are set to
run under my same login credentials since they're in the beta stage. Both
services successfully send the emails when I am not logged in, but get the
timeout error when I am.

The testing I'm doing now is in a 3rd windows forms application.

FYI - the admin did uninstall WINS from a domain controller the day this
started failing. I can't imagine how that could matter, but it seems like a
strange coincidence. We even tried putting WINS back on though - no
difference.
 
Luke Zhang [MSFT]

Hello,

CredentialCache.DefaultNetworkCredentials needs the
EnvironmentPermissionAccess.Read permission. Is your account a local admin,
and has the Code Access Security on the server not changed since the error
occurred? It may also be a network configuration issue; you may create a VBS
file with the following code:

Set WshNetwork = CreateObject("WScript.Network")
msgbox "Domain = " & WshNetwork.UserDomain
msgbox "Computer Name = " & WshNetwork.ComputerName
msgbox "User Name = " & WshNetwork.UserName

Can it give the correct result when you run it on the server?

Regards,

Luke Zhang
Microsoft Online Community Lead

 
Daniel Billingsley

Well, first, there is no "server". As I explained, the services and the
test program are all running on my laptop using my normal login credentials.

I am in fact a local administrator on the laptop. Does the
defaultCredentials="true" app.config element require the user be an
administrator as well? That seems like a requirement that would render this
all rather useless.

I don't believe the local admin membership or the code access security have
changed. Remember, the service sends emails fine if I am logged off but
times out when I am logged in.

I ran that vbs script on this laptop and it returned all three pieces of
information correctly.
 
Luke Zhang [MSFT]

How about the following code:

System.Net.CredentialCache.DefaultCredentials;

Will it also return a blank or the correct value?

Regards,

Luke Zhang
Microsoft Online Community Lead

 
Luke Zhang [MSFT]

Thank you for the update. I am performing more research on this issue and will
update you as soon as possible.

Regards,

Luke Zhang
Microsoft Online Community Lead

 
Luke Zhang [MSFT]

Hello Daniel,

How about the following code:

string s = Thread.CurrentPrincipal.Identity.Name + " " + WindowsIdentity.GetCurrent().Name;

Will it give you the correct result?

BTW, can you let me know your email so we can better communicate on this
issue. To get my actual email, please remove "online" from my display email.

Thanks,

Luke Zhang
Microsoft Online Community Lead

 
Daniel Billingsley

I sent this to your email. If you didn't get it let me know so we can see
what happened.

Thanks for your help.

I modified your test slightly to show more distinct information since the
result wasn't as expected (I don't think).

string s = "|" + System.Threading.Thread.CurrentPrincipal.Identity.Name + "|";

string ss = "|" + System.Security.Principal.WindowsIdentity.GetCurrent().Name + "|";

bool a = System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated;



The results for me are:

s = ||

ss = |LA\\dbillingsley|

a = false

ss is correct by the way



If I add

AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);

before these three lines then a=true and s=ss.

The service I have running on this laptop has been consistent for a week
now. It runs 24 hours a day and during the day when I am logged in it times
out sending an email, but at night when I am logged out it is successful.
What would be changing from the service's perspective depending on whether
its specified log on account was actually currently also logged in or not to
the console? That seems very bizarre.
 
Luke Zhang [MSFT]

Hi Dan,



Thank you for the information. For further troubleshooting, I suggest you
perform a network capture while running your application:



1. Download your favorite network capture utility

2. Start the network capture utility

3. Run your test program, with your defaultCredentials set to true (this
should fail)

4. Stop the network capture utility

Review the network capture utility to see if authentication is taking place
between your program and the remote SMTP server. Look for the command AUTH.



Next repeat steps 2 - 4 but change the defaultCredentials to false. Does
this work? If it does, review and compare the two network captures to see
the differences.



Additionally, can the code below:

AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal)

make the email send if you set defaultCredentials to true?



Luke Zhang
Microsoft Online Community Lead

 
Daniel Billingsley

Ok, sorry for the delay. Holidays, vacations and all that fun. :)

Here are the results of my capture tests.

Test #1: DefaultCredentials = true

I see the AUTH command going to the server, followed by a Response with some
kind of hash string. There are a few exchanges of Response and Message Body
messages and then a "Response: 234 2.7.0 Authentication successful". The
next and final message (before the timeout) is a Message Body going to the
server.

Test #2: DefaultCredentials = false
The email goes through. There is no AUTH command in the capture. I
understand this would be sending anonymously.

Test #3: DefaultCredentials = false, client.Credentials =
System.Net.CredentialCache.DefaultNetworkCredentials
Same results as test #1, including the timeout error.

It turns out the code I posted to call SetPrincipalPolicy() didn't work if
DefaultCredentials=true so that really had nothing to do with my test
working or not.

I was researching another problem I'm having and found it may be related to
the fact I've loaded part (workflow) of the WinFX CTP. Could this be
related by any chance?
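
The capture comparison described in the posts above, as an added example that is not part of any poster's message: a Python function that walks an SMTP dialogue exported from a capture and reports the advertised AUTH mechanisms, whether authentication completed, and which client line never received a final reply. The transcripts, host names and `<blob-N>` placeholders are constructed; 334 and 235 are the standard SMTP AUTH challenge and success reply codes.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # reply code, '-' means more lines follow

def analyze(stream):
    """stream: (side, line) pairs in capture order; side is 'C' (client) or 'S' (server)."""
    rep = {"offered": [], "mechanism": None, "auth_ok": None, "stalled_after": None}
    state, pending = "cmd", None                    # state: cmd | auth | data
    for side, line in stream:
        if side == "C":
            if state == "data":                     # body lines; a lone "." ends the body
                pending = "end-of-data" if line == "." else "DATA body (no terminator)"
            elif state == "auth":
                pending = "AUTH response"           # base64 continuation line
            else:
                words = line.split() or [""]
                pending = words[0].upper()
                if pending == "AUTH" and len(words) > 1:
                    rep["mechanism"], state = words[1].upper(), "auth"
            continue
        m = REPLY.match(line)
        if not m:
            continue
        code, more, text = m.groups()
        if code == "250" and text.upper().startswith("AUTH"):
            rep["offered"] = text.upper().split()[1:]   # EHLO capability line
        if more == "-":
            continue                                # not the final reply line yet
        if state == "auth" and code != "334":       # 334 = challenge, exchange continues
            rep["auth_ok"], state = (code == "235"), "cmd"
        elif pending == "DATA" and code == "354":
            state = "data"
        elif state == "data" and pending == "end-of-data":
            state = "cmd"
        pending = None                              # server answered the last client line
    rep["stalled_after"] = pending                  # None means nothing was left unanswered
    return rep

# Constructed transcripts (not the poster's capture); <blob-N> stands in for base64 data.
HELLO = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO laptop"),
         ("S", "250-mail.example.test"), ("S", "250-AUTH NTLM LOGIN"), ("S", "250 OK")]
WITH_AUTH = HELLO + [("C", "AUTH NTLM <blob-1>"), ("S", "334 <blob-2>"), ("C", "<blob-3>"),
                     ("S", "235 2.7.0 Authentication successful"),
                     ("C", "MAIL FROM:<alerts@example.test>")]   # capture ends here
ANONYMOUS = HELLO + [("C", "MAIL FROM:<alerts@example.test>"), ("S", "250 OK"),
                     ("C", "RCPT TO:<admin@example.test>"), ("S", "250 OK"),
                     ("C", "DATA"), ("S", "354 Go ahead"), ("C", "Subject: alert"),
                     ("C", "disk full"), ("C", "."), ("S", "250 Queued")]

if __name__ == "__main__":
    for name, stream in (("with AUTH", WITH_AUTH), ("anonymous", ANONYMOUS)):
        print(name, analyze(stream))
```

Running the same function over both exports puts the difference side by side: the authenticated session reports `stalled_after` as the first line sent after authentication, while the anonymous one reports `None`.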
 
Luke Zhang [MSFT]

Thank you for the update. Can you let me know your actual email so we can
better communicate on the issue? To get my actual email, please remove
"online" from my display email.

Thanks,

Luke Zhang
Microsoft Online Community Lead

 
Luke Zhang [MSFT]

Hi Dan,

1. Are there any differences in the message body being sent? Try to shorten
the length of the message to see if that resolves the issue. What could be
at play here is that a character could be causing the remote SMTP server to
hang thinking that the message body has not ended. An example of this would
be the <CR><LF> characters

2. Give us the exact error message that is being returned from the remote
SMTP server. This should be available in the network capture.

3. Uninstall the WinFX CTP; does that have any effect on the issue? As far
as I know the workflow part of the WinFX CTP does have some integration
into SMTP but I am not sure if it's the culprit here

4. Check to see if the customer has a SMTP server installed locally on the
machine running the service.

Regards,

Luke Zhang
Microsoft Online Community Lead
