Endpoint as Server Logon Profile

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

As an object representing a communicating party, a SIP endpoint is a logical place for holding the server logon profile that includes information such as the IP address of the underlying server running Office Communications Server, allowed and supported authentication modes, user credentials used to authenticate the client, and the transport used in connections.

An application must first set the profile before registering an endpoint with the SIP registrar. The application sets the server logon values by calling methods on the IUccServerSignalingSettings interface. For example, the client calls the SetCredential method, accessible through the CredentialCache property on the IUccServerSignalingSettings interface, to set the user credentials needed for authentication. The same interface exposes the AllowedAuthenticationModes property, which sets the allowed authentication modes.

Obtaining Server Logon Profile Object

To obtain the server logon profile object, an application queries an IUccEndpoint object for the IUccServerSignalingSettings interface. In C#, this amounts to casting an IUccEndpoint object into an IUccServerSignalingSettings object.

Specifying Allowed Authentication Modes

A SIP server can challenge a client for authentication information. Unified Communications Client API applications can choose to use one or more authentication modes by setting the AllowedAuthenticationModes property. The supported authentication modes are defined in the UCC_AUTHENTICATION_MODES enumeration type and include the NTLM, Kerberos, digest, and basic authentication schemes. It is possible that the server does not challenge the client; in that case the client is never validated. This security feature is only available to registration-based endpoints. The operations do not apply to proxy endpoints.

Specifying Transport Mode

The transport used for transmitting messages affects the level of signaling privacy supported by an application. Unified Communications Client API applications can choose Transmission Control Protocol (TCP) or Transport Layer Security (TLS) as the transport. With TCP, communications are transmitted in plain text, whereas TLS encrypts messages in transmission. To use TLS, the server must support TLS and be configured to trust the client or the domain of the client. Office Communications Server supports TLS. Unified Communications Client API applications can set the transport mode using the TransportMode property. The allowed values of this property are enumerated in the UCC_TRANSPORT_MODE enumeration type.

The choice of transport might also depend on the mode of authentication. If the basic authentication mode is used, the password is sent to the server in plain text. The application must then always use TLS transport. This ensures that the password is encrypted in the transport layer. However, if the NTLM or Kerberos authentication mode is used, the transport can be TCP or TLS.
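The rule above can be enforced before a profile is applied to an endpoint. The following C# sketch is an added example, not code from the original documentation or the UCC API: `AuthModes`, `Transport`, and `LogonProfilePolicy` are hypothetical stand-ins for the API's own enumerations, and the sample profiles are constructed.

```csharp
using System;

// Stand-in types for this example only. They model the concepts on this page
// and are NOT the UCC API's UCC_AUTHENTICATION_MODES / UCC_TRANSPORT_MODE.
[Flags]
enum AuthModes { None = 0, Basic = 1, Digest = 2, Ntlm = 4, Kerberos = 8 }
enum Transport { Tcp, Tls }

static class LogonProfilePolicy
{
    // True when the profile could put a basic-auth password on the wire in
    // plain text. The allowed modes are a set: if basic is in it at all, the
    // server may challenge with basic, so other modes in the set do not help.
    public static bool ExposesPassword(AuthModes allowed, Transport transport) =>
        (allowed & AuthModes.Basic) != 0 && transport != Transport.Tls;

    // Picks a transport and trims the mode set so the rule above always holds.
    // Preferring TLS whenever the server supports it is this example's choice.
    public static (AuthModes Modes, Transport Via) Resolve(
        AuthModes requested, bool serverSupportsTls)
    {
        if (requested == AuthModes.None)
            throw new ArgumentException("No authentication mode requested.");
        if (serverSupportsTls)
            return (requested, Transport.Tls);

        // TCP only: drop basic so its challenge is never answered in clear text.
        AuthModes safe = requested & ~AuthModes.Basic;
        if (safe == AuthModes.None)
            throw new InvalidOperationException(
                "Only basic authentication was requested and TLS is unavailable.");
        return (safe, Transport.Tcp);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample profile: NTLM preferred, basic left enabled.
        var mixed = AuthModes.Ntlm | AuthModes.Basic;
        Console.WriteLine(LogonProfilePolicy.ExposesPassword(mixed, Transport.Tcp));
        Console.WriteLine(LogonProfilePolicy.ExposesPassword(mixed, Transport.Tls));
        Console.WriteLine(LogonProfilePolicy.Resolve(mixed, serverSupportsTls: false));
        Console.WriteLine(LogonProfilePolicy.Resolve(mixed, serverSupportsTls: true));
    }
}
```

The mixed profile is the case worth checking for: listing NTLM alongside basic does not make TCP acceptable, because the client will still answer a basic challenge if the server issues one.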

For a full C# example of obtaining a server logon settings object from an endpoint, see Create a Principal Endpoint.

See Also

Concepts

Endpoint Creation
Endpoint Events
Endpoint Registration with Office Communications Server
Endpoint as Publication Manager
Endpoint as Subscription Manager
Endpoint as Session Manager
Endpoint as Media Connectivity Manager
Programming Pattern with Endpoint Objects