The following authentication methods are supported. Note, authentication (a.k.a "Trust") must be established for both the client/server. So the client/server may desire different levels of authentication. Again comments are desired.
None: No Authentication will occur. Connection is automatically mutually trusted based on something else like an IP address.
Trusted Private Key: The private key is trusted, not the contents of the certificate. This can be used to trust self-signed certificates since the identifying information of a self-signed certificate is meaningless.
Trusted Root Certificate + CNAME: If the certification is signed by a trusted root and has a valid CNAME, this establishes a trusted connection.
NTLM: Uses NTLM to trust the credentials.
Kerberos: Uses Kerberos to trust the connection.
LDAP: Uses LDAP for authentication.
APIKey: Uses a user generated API Key that is the same for both client/server. Some kind of Challenge/Response method will be employed here. It will also incorporate the public keys of all x.509 certificates to ensure that there is not a man-in-the-middle attack. Currently, I'm thinking of using SCRAM, since it's relatively simple. SRP would be superior, but it's rather difficult to implement and isn't native to .NET.
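The APIKey idea in the post above, as an added example that is not part of the original post or the project's code: a plain HMAC challenge/response (not SCRAM or SRP) in which both sides mix the public keys of the certificates they saw into their proofs, so a substituted certificate makes the proofs fail. Function names, message layout and all key values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def channel_binding(client_pub: bytes, server_pub: bytes) -> bytes:
    """Hash both certificates' public keys, length-prefixed to avoid ambiguity."""
    h = hashlib.sha256()
    for key in (client_pub, server_pub):
        h.update(len(key).to_bytes(4, "big") + key)
    return h.digest()


def proof(api_key: bytes, role: bytes, c_nonce: bytes, s_nonce: bytes, binding: bytes) -> bytes:
    """HMAC over a fixed-length role label, both nonces and the channel binding."""
    return hmac.new(api_key, role + c_nonce + s_nonce + binding, hashlib.sha256).digest()


def handshake(client_key, server_key, client_view, server_view) -> tuple[bool, bool]:
    """Each *_view is the (client_pub, server_pub) pair that side saw on the wire.
    Returns (server_accepts_client, client_accepts_server)."""
    c_nonce = secrets.token_bytes(16)  # client -> server
    s_nonce = secrets.token_bytes(16)  # server -> client
    cb_client = channel_binding(*client_view)
    cb_server = channel_binding(*server_view)

    client_proof = proof(client_key, b"client", c_nonce, s_nonce, cb_client)
    expected = proof(server_key, b"client", c_nonce, s_nonce, cb_server)
    if not hmac.compare_digest(client_proof, expected):
        return False, False  # server aborts without sending its own proof

    server_proof = proof(server_key, b"server", c_nonce, s_nonce, cb_server)
    expected = proof(client_key, b"server", c_nonce, s_nonce, cb_client)
    return True, hmac.compare_digest(server_proof, expected)


# Constructed sample values: stand-ins for encoded public keys and a shared API key.
CLIENT_PUB, SERVER_PUB, PROXY_PUB = b"client-pub-key", b"server-pub-key", b"proxy-pub-key"
API_KEY = b"constructed-example-api-key"


def demo() -> dict:
    honest = (CLIENT_PUB, SERVER_PUB)
    return {
        "honest": handshake(API_KEY, API_KEY, honest, honest),
        # Each side saw an interposed party's key instead of its peer's key.
        "intercepted": handshake(API_KEY, API_KEY, (CLIENT_PUB, PROXY_PUB), (PROXY_PUB, SERVER_PUB)),
        "wrong_key": handshake(b"other-key", API_KEY, honest, honest),
    }
```

The raw API key is used directly as the HMAC key here; SCRAM additionally derives the key through a salted, iterated hash so the server need not store the key itself.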
You might consider adding OAuth2 to the APIKey section. This could add flexibility if you already have a trusted OAuth provider, or if you implement an in-product OAuth service such as IdentityServer4.