SecurePass authentication in C# with RADIUS

Well, Windows is not my favorite OS, but still Windows and Windows Servers are very popular. I received a lot of queries on how to authenticate against SecurePass using RADIUS and I decided to write a small program in C# and share it with everybody.

The code is just an example and has been tested using Mono under Mac OS X, but should work fine under Windows with Visual Studio.

First of all, you will need the dotnet radius client library from If you are running under Windows, you can download the pre-compiled DLL, otherwise you have to check-out the source files and compile them yourself.

Please have a look at the comments for more information.

 *  sp-login - Giuseppe Paterno' (
 *  Demo of logging in to SecurePass with C#/.NET
 *  through RADIUS protocol

using System;
using System.Net;
using Ais.Net.Radius;
using Ais.Net.Radius.Attributes;

namespace splogin
	class MainClass
		public static void Main (string[] args)
			string user, password;

			// Populate it with your radius secret
			// Better if you get it from a config file
			const string radius_secret = "mysecretpassword";

			// Get my IP address to send it as a NasIP address
			// This is just for logging
			string host = Dns.GetHostName();
			IPHostEntry ip = Dns.GetHostEntry(host);
			string nasIp = ip.AddressList[0].ToString();

			// Get IP address for the radius server, you will
			// never know what's the answer from the global
			// load balancing system.
			string SecurePassRadius = "";
			IPAddress[] addresslist = Dns.GetHostAddresses(SecurePassRadius);

			Console.WriteLine ("nWelcome to SecurePass .NET demo!");
			Console.WriteLine ("================================n");

			// Ask for username and password, i.e.
			// OTP + SecureFactor
			Console.Write("Username: ");
			user = Console.ReadLine ();

			Console.Write("Password: ");
			password = Console.ReadLine ();

			// Build a client with parameters
			var radiusClient = new Client(addresslist[0], 1812, radius_secret) {
				SendTimeout = 5000,
				ReceiveTimeout = 5000,
				Ttl = 50

			// Create an access request
			var request = new AccessRequest(nasIp, ServiceType.Framed, user,
                                                                            password, radiusClient);

			// Send with 3 retries
			var response = radiusClient.Send(request, true, 3);

			// Analyze the response packet
			if (response.Packet.PacketType == PacketType.AccessAccept)
				Console.WriteLine("Access granted");
				Console.WriteLine("Access denied");