NegotiateAuthentication larger code size and also brings in BigInteger

[NinoFloris]

Afaik the following PR #87930 is part of .NET 8.0 preview 7, it caused a 60kb size regression for us:

preview 6: https://github.com/npgsql/npgsql/actions/runs/5930686472
preview 7: https://github.com/npgsql/npgsql/actions/runs/5931742857

Mostly due to it bringing in BigInteger (and a managed NegotiateAuthentication impl?)

Not sure what we can or want to do here.

/cc @filipnavara

[ghost]

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Afaik the following PR #87930 is part of .NET 8.0 preview 7, it caused a 50kb size regression for us:

preview 6: https://github.com/npgsql/npgsql/actions/runs/5930686472
preview 7: https://github.com/npgsql/npgsql/actions/runs/5931742857

Mostly due to it bringing in BigInteger (and a managed NegotiateAuthentication impl?)

Not sure what we can or want to do here.

/cc @filipnavara

Author:	NinoFloris
Assignees:	-
Labels:	area-System.Net.Security, tenet-performance, untriaged
Milestone:	-

[wfurt]

what platforms is this on @NinoFloris? I think we do want to keep the managed implementation in. We can perhaps try to make it more trimming friendly.

[NinoFloris]

These builds were done on ubuntu

[filipnavara]

It should be trimmed out on Linux for NativeAOT unless the UseManagedNtlm option is turned on. I'll have a look.

[filipnavara]

Can you try adding this to the test app .csproj?

<ItemGroup>
  <RuntimeHostConfigurationOption Include="System.Net.Security.UseManagedNtlm" Value="false" Trim="true" />
</ItemGroup>

Generally the idea is that the ILLink substitution (https://github.com/dotnet/runtime/blob/main/src/libraries/System.Net.Security/src/ILLink/ILLink.Substitutions.xml) will turn System.Net.NegotiateAuthenticationPal.UseManagedNtlm into false and trim away the rest of the code. There are two possible failures that I can think of: 1) the substitution not taking place when the feature option is not specified at all, and 2) the resulting branch trimming not happening.

UPD: Apparently this doesn't help. :-/
UPD2: It does actually work, I just forgot to add Trim="true".

[filipnavara]

I reread the ILLink documentation and it seems we are missing featuredefault="true" attribute there. On .NET 9 we would need to conditionally use different substitution for macOS/iOS though.

[NinoFloris]

Does that mean it should be fixed for rc2 or where do we stand? Npgsql is a library, I can't ask people to flip these switches for us.

[filipnavara]

I will try to submit the fix and then we can see about backports.

[filipnavara]

I was not able to get featuredefault to do the right thing on NativeAOT yet. I'm trying to figure out whether it is supposed to work, or not. The alternative is to specify the option through RuntimeHostConfigurationOption in the NativeAOT build integration. I'll post once I have more details to share.

[karelz]

Triage: @wfurt discussed it with @jkotas and his suggestion was to NOT take it for 8.0 as it is size improvement, but not functional impact.
@NinoFloris are you ok with that for npgsql customers? (cc @roji)

[filipnavara]

I generally agree it doesn't meet the bar for 8.0 servicing, but should we try to backport the SDK switch (dotnet/sdk#34903) to make the workaround easier?

[NinoFloris]

Thanks, @karelz we are. We have added an explicit opt-in to our slim builder for "integrated security" auth, sidestepping the issue.

[roji]

Yeah, agreed this isn't critical for a 8.0 backport.