From 3622bfa4329faa73551b2508aade7777a04a3ca8 Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Tue, 20 Aug 2024 18:50:44 +1000
Subject: [PATCH] Fix SSPI ComputeIntegrityCheck with Sign level (#105605)

Fix calling NegotiateAuthentication.ComputeIntegrityCheck on SSPI when
the negotiation context was built with ProtectionLevel.Sign. The
SECQOP_WRAP_NO_ENCRYPT QoP flag should not be set when calling GetMIC as
no encryption is involved and some authentication providers fail when
this is set.

Fix #103461

Co-authored-by: Tomas Weinfurt <tweinfurt@yahoo.com>
---
 .../src/System/Net/NegotiateAuthenticationPal.Windows.cs       | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Windows.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Windows.cs
index 226b57ef3e0d5..8e86d3dc91ca7 100644
--- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Windows.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Windows.cs
@@ -587,8 +587,7 @@ public override unsafe void GetMIC(ReadOnlySpan<byte> message, IBufferWriter<byt
                             pBuffers = unmanagedBuffer
                         };
 
-                        uint qop = IsEncrypted ? 0 : Interop.SspiCli.SECQOP_WRAP_NO_ENCRYPT;
-                        int errorCode = Interop.SspiCli.MakeSignature(ref _securityContext._handle, qop, ref sdcInOut, 0);
+                        int errorCode = Interop.SspiCli.MakeSignature(ref _securityContext._handle, 0, ref sdcInOut, 0);
 
                         if (errorCode != 0)
                         {