Make handling of DefaultCredentials in NegotiateAuthentication/SocketsHttpHandler more consistent #91138
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
the
community-contribution
|
Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones Issue DetailsFixes #91131
|
filipnavara
commented
Aug 25, 2023
| @@ -184,7 +180,7 @@ public UnixNegotiateAuthenticationPal(NegotiateAuthenticationClientOptions clien | |||
|
|
|||
| if (NetEventSource.Log.IsEnabled()) NetEventSource.Info(this, $"Peer SPN-> '{_spn}'"); | |||
|
|
|||
| if (clientOptions.Credential == CredentialCache.DefaultCredentials || | |||
| if (clientOptions.Credential == CredentialCache.DefaultNetworkCredentials || | |||
There was a problem hiding this comment.
Note: The equality check never worked because the objects are of different type.
filipnavara
commented
Aug 25, 2023
src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs
Outdated
Show resolved
Hide resolved
This was referenced Aug 26, 2023
filipnavara
force-pushed
the
nego-no-pnse
branch
3 times, most recently
from
46ee3f0
to
dc5eb35
Compare
…cationPal implementation for NTLM w/ default credentials. This was handled inconsistently between the managed NTLM implementation and the GSSAPI one. Add test for the behavior. Handle PlatformNotSupportedException in SocketsHttpHandler and Managed SPNEGO implementation. Add test to ensure SocketsHttpHandler using CredentialCache.DefaultCredentials with NTLM doesn't throw PNSE exception and returns the Unauthorized HTTP response instead.
filipnavara
force-pushed
the
nego-no-pnse
branch
from
dc5eb35
to
9e20382
Compare
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See PR #91160 for alternative approach.
Throw PNSE on Unix/Managed NegotiateAuthenticationPal implementation for NTLM w/ default credentials
PlatformNotSupportedExceptionwith a useful message that explains which parameters are unsupported.PlatformNotSupportedExceptioncorrectly.SocketsHttpHandler: Handle PNSE from NegotiateAuthentication as unsupported authentication and return server's response instead of passing the exception
NegotiateAuthenticationthe same way as if the authentication scheme was unsupported, and return the Unauthorized response from server.Fixes #91131