Hello -

I'm working on a team to build a Client and Service application using VB.Net. This is basically a Client/Server app, but the server needs to run as a Windows service. We are fleshing out the architecture at the moment, and we are investigating communication and authentication between the client and the server. I'm familiar with Noninteractive Authentication and the SSPI model, or at least I have a working knowledge of them. The decision that needs to be made is this: which protocol should be used for communication and authentication between the client and server? It is a must that the protocol be secure. I understand that the following SSP packages are provided by MS (which is basically what we're working with, since an additional install is very unlikely):

- Microsoft Negotiate
- Microsoft NTLM
- Microsoft Kerberos
- Microsoft Digest SSP
- Secure Channel (SChannel)

We aren't running anything older than Windows 2000, so that kind of eliminates NTLM. Digest SSP sounds too light, and we aren't communicating in HTTP or SASL, so that pretty much rules out Digest. SChannel is for internet communications, so that's gone. But before I submit to Kerberos, I wanted to ask how other developers have handled this. In a secure client/server app, what have others used for network communication and authentication?

Thanks in advance for your two cents!
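As an added illustration (not code from the original post), here is how the Negotiate SSP can be used from VB.Net over a plain TCP socket via System.Net.Security.NegotiateStream, with the server refusing anything weaker than Kerberos with signing and encryption. The SPN `HOST/server.example.local` and port 9000 are placeholders; the example assumes the service account has that SPN registered and that both machines are in the same domain.

```vbnet
Imports System.Net
Imports System.Net.Security
Imports System.Net.Sockets
Imports System.Security.Authentication
Imports System.Security.Principal

Module NegotiateDemo
    Const ServicePort As Integer = 9000
    ' Placeholder SPN of the service account; replace with the SPN actually registered in AD.
    Const TargetSpn As String = "HOST/server.example.local"

    ' Server side: wrap the accepted socket in NegotiateStream, authenticate the caller,
    ' and verify the package that was actually negotiated before trusting the identity.
    Public Function AuthenticateCaller(client As TcpClient) As NegotiateStream
        Dim auth As New NegotiateStream(client.GetStream(), False)
        auth.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
                                  ProtectionLevel.EncryptAndSign,
                                  TokenImpersonationLevel.Identification)

        ' Negotiate can fall back to NTLM silently; reject that instead of accepting it.
        If Not String.Equals(auth.RemoteIdentity.AuthenticationType, "Kerberos",
                             StringComparison.OrdinalIgnoreCase) Then
            auth.Dispose()
            Throw New AuthenticationException("Expected Kerberos, got " & auth.RemoteIdentity.AuthenticationType)
        End If
        ' EncryptAndSign was required above; confirm the negotiated stream honours it.
        If Not (auth.IsEncrypted AndAlso auth.IsSigned AndAlso auth.IsMutuallyAuthenticated) Then
            auth.Dispose()
            Throw New AuthenticationException("Stream is not encrypted, signed and mutually authenticated")
        End If
        ' auth.RemoteIdentity.Name now holds the verified DOMAIN\user of the caller.
        Return auth
    End Function

    ' Client side: authenticate with the logged-on user's credentials and require that the
    ' server proves it owns TargetSpn (mutual authentication), so a rogue listener is rejected.
    Public Function ConnectAndAuthenticate(host As String) As NegotiateStream
        Dim client As New TcpClient(host, ServicePort)
        Dim auth As New NegotiateStream(client.GetStream(), False)
        auth.AuthenticateAsClient(CredentialCache.DefaultNetworkCredentials,
                                  TargetSpn,
                                  ProtectionLevel.EncryptAndSign,
                                  TokenImpersonationLevel.Identification)
        If Not auth.IsMutuallyAuthenticated Then
            auth.Dispose()
            Throw New AuthenticationException("Server identity could not be verified")
        End If
        Return auth
    End Function
End Module
```

Both sides then read and write application data through the returned NegotiateStream, which signs and encrypts every message under the negotiated Kerberos session key.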