SocketsHttpHandler cannot authenticate NTLM with username format user@domain.com #94303
Comments
|
From @vinhdp195 on Wed, 01 Nov 2023 08:04:32 GMT I want to be able to successfully authenticate at No.3 using SocketsHttpHandler, what should I do? |
|
From @rolfbjarne on Thu, 02 Nov 2023 16:31:30 GMT Moving to dotnet/runtime since that's where the code for SocketsHttpHandler lives, and it seems that's what this issue is about. |
ghost
added
the
|
Tagging subscribers to this area: @dotnet/ncl Issue DetailsFrom @vinhdp195 on Fri, 27 Oct 2023 04:50:42 GMT For Xamarin.iOS https://github.com/dotnet/designs/blob/main/accepted/2020/mono-convergence/platform-specific-httpclient.md#xamariniostvoswatchos However, NTLM authentication is not working well. Environment Project sample: Code sample: In the above example source: User Infomation in AD: Results when authenticating NTLM with SocketsHttpHandler and NSUrlSessionHandler:
It appears that only username is samName can be authenticated (OK) when using SocketsHttpHandler.
What is the reason for the above difference? Is it a bug? Copied from original issue xamarin/xamarin-macios#19366
|
|
CC @steveisok |
|
cc: @filipnavara AFAIK the |
|
Apple's GSSAPI implementation of NTLM always rewrites |
|
I'll try to post an example on how to use |
|
@vinhdp195 It would be useful if you can test with the <ItemGroup>
<RuntimeHostConfigurationOption Include="System.Net.Security.UseManagedNtlm" Value="true" />
</ItemGroup>This should replace the NTLM implementation for SocketsHttpHandler with a managed one written in .NET. This the same implementation that shipped on Android in .NET 7. |
I tried as you suggested. Source code: Results: In your environment, with the source code as above, is it possible to authenticate successfully (Code 200 OK) or not? |
|
Triage: we should investigate in 9.0 |
|
@filipnavara @CarnaViire |
I didn't get to test it yet, and I don't have the server environment readily available at the moment. I hope to test it soon, perhaps later this week. |
|
@filipnavara @CarnaViire Environment as below: |
|
@vinhdp195 do I understand correctly that .NET 8 works properly in all cases, and this issue can be closed? |
|
@filipnavara do you remember why this was added as a "private" msbuild property with underscore? |
|
@akoeplinger That property was only added in .NET 9 and it was not backported to .NET 8 SDK. Underscore is generally used for unsupported/undocumented properties. In .NET 9 the default value for iOS/macOS was changed anyway, so the property would not help in this case. |
That's right. At Net8, after applying UseManagedNtlm, I was able to resolve the error this time. |
|
Thanks. Closing as answered. |
|
@CarnaViire I'd like to ask again about backporting dotnet/sdk#34903 to .NET 8 SDK. It was done late in the .NET 8 cycle and the backport question somehow drowned in the noise. It adds the |
|
I'm not sure it will meet the bar for a backport at this point... given that the app-context switch exists and works... cc @wfurt @dotnet/ncl @vitek-karas @sbomer |
From @vinhdp195 on Fri, 27 Oct 2023 04:50:42 GMT
For Xamarin.iOS https://github.com/dotnet/designs/blob/main/accepted/2020/mono-convergence/platform-specific-httpclient.md#xamariniostvoswatchos
There are 3 handlers available (SocketsHttpHandler, CFNetworkHandler, and NSUrlSessionHandler)
After upgrading to NET7, it’s similar.
However, NTLM authentication is not working well.
SocketsHttpHandler cannot authenticate with a username in the form of user@domain.com.
There is a difference between NSUrlSessionHandler and SocketsHttpHandler.
I need to know why this difference exists.
Environment
Currently running on IOS devices with version 15/16 (Iphone/Ipad)
Visual Stuido 2022 version 17.5.4
Xcode_14.2
xamarin.ios-16.0.0.72
MonoFramework-MDK-6.12.0.182.macos10.xamarin.universal
Project sample:
https://github.com/vinhdp195/HttpRequestSample
Code sample:
https://github.com/vinhdp195/HttpRequestSample/blob/main/MauiApp1/MainPage.xaml.cs
In the above example source:
CheckHttpAsync() method uses NSUrlSessionHandler as a parameter for HttpClient
CheckSocketAsync() method uses SocketsHttpHandler as a parameter for HttpClient
User Infomation in AD:
user logon name: admin@sample.com
user logon (pre-windows 2000) : domain\samName
samAccountName is "samName"
Results when authenticating NTLM with SocketsHttpHandler and NSUrlSessionHandler:
It appears that only username is samName can be authenticated (OK) when using SocketsHttpHandler.
What is the reason for the above difference? Is it a bug?
I want to be able to successfully authenticate at No.3 using SocketsHttpHandler, what should I do?
(Besides, the reason I have to use SocketsHttpHandler for my project is because NSUrlSessionHandler on iOS does not support passing in WebProxy)
Copied from original issue xamarin/xamarin-macios#19366
The text was updated successfully, but these errors were encountered: