fix tests

src/libraries/Common/tests/System/Net/EnterpriseTests/EnterpriseTestConfiguration.cs

@@ -7,6 +7,7 @@ public static class EnterpriseTestConfiguration
     {
         public const string Realm = "LINUX.CONTOSO.COM";
         public const string NegotiateAuthWebServer = "http://apacheweb.linux.contoso.com/auth/kerberos/";
+        public const string NegotiateAuthWebServerNotDefaultPort = "http://apacheweb.linux.contoso.com:8081/auth/kerberos/";
         public const string AlternativeService = "http://altweb.linux.contoso.com:8080/auth/kerberos/";
         public const string NtlmAuthWebServer = "http://apacheweb.linux.contoso.com:8080/auth/ntlm/";
         public const string DigestAuthWebServer = "http://apacheweb.linux.contoso.com/auth/digest/";

src/libraries/Common/tests/System/Net/EnterpriseTests/setup/apacheweb/apache2.conf

@@ -54,6 +54,7 @@ Listen 8080
 </IfDefine>
 <IfDefine !ALTPORT>
 Listen 80
+Listen 8081
 </IfDefine>
 
 #
@@ -238,7 +239,7 @@ Group daemon
 # e-mailed.  This address appears on some server-generated pages, such
 # as error documents.  e.g. [email protected]
 #
-ServerAdmin you@example.com
+ServerAdmin webmaster@contoso.com
 
 #
 # ServerName gives the name and port that the server uses to identify itself.
@@ -583,11 +584,18 @@ SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
 </IfModule>
 
+<IfDefine ALTPORT>
 <VirtualHost *:8080>
-  ServerAdmin [email protected]
   DocumentRoot "/setup/altdocs"
   ServerName altservice.contoso.com:8080
 </VirtualHost>
+</IfDefine>
+
+<IfDefine !ALTSPN>
+<VirtualHost *:8081>
+  DocumentRoot "/setup/htdocs"
+</VirtualHost>
+</IfDefine>
 
 
 <IFDefine NTLM>

src/libraries/Common/tests/System/Net/EnterpriseTests/setup/apacheweb/run.sh

@@ -11,6 +11,7 @@ if [ "$1" == "-debug" ]; then
 fi
 
 if [ "$1" == "-DNTLM" ]; then
+  # NTLM/Winbind is aggressive and eats Negotiate so it cannot be combined with Kerberos
   ./setup-pdc.sh
   /usr/sbin/apache2 -DALTPORT "$@"
   shift

src/libraries/Common/tests/System/Net/EnterpriseTests/setup/docker-compose.yml

@@ -41,7 +41,7 @@ services:
     hostname: altweb
     domainname: linux.contoso.com
     dns_search: linux.contoso.com
-    command: -DALTPORT
+    command: "-DALTPORT -DALTSPN"
     volumes:
       - shared-volume:/SHARED
     networks:

src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs

@@ -16,24 +16,27 @@ internal static partial class AuthenticationHelper
         private const string UsePortInSpnCtxSwitch = "System.Net.Http.UsePortInSpn";
         private const string UsePortInSpnEnvironmentVariable = "DOTNET_SYSTEM_NET_HTTP_USEPORTINSPN";
 
-        private static bool UsePortInSpn()
+        private static bool UsePortInSpn
         {
-            // First check for the AppContext switch, giving it priority over the environment variable.
-            if (AppContext.TryGetSwitch(UsePortInSpnCtxSwitch, out bool disabled))
+            get
             {
-                return disabled;
-            }
+                // First check for the AppContext switch, giving it priority over the environment variable.
+                if (AppContext.TryGetSwitch(UsePortInSpnCtxSwitch, out bool disabled))
+                {
+                    return disabled;
+                }
 
-            // AppContext switch wasn't used. Check the environment variable.
-            string? envVar = Environment.GetEnvironmentVariable(UsePortInSpnEnvironmentVariable);
+                // AppContext switch wasn't used. Check the environment variable.
+                string? envVar = Environment.GetEnvironmentVariable(UsePortInSpnEnvironmentVariable);
 
-            if (envVar is not null)
-            {
-                return envVar == "1" || envVar.Equals("true", StringComparison.OrdinalIgnoreCase);
-            }
+                if (envVar is not null)
+                {
+                    return envVar == "1" || envVar.Equals("true", StringComparison.OrdinalIgnoreCase);
+                }
 
-            return false;
-         }
+                return false;
+             }
+        }
 
         private static Task<HttpResponseMessage> InnerSendAsync(HttpRequestMessage request, bool async, bool isProxyAuth, HttpConnectionPool pool, HttpConnection connection, CancellationToken cancellationToken)
         {

src/libraries/System.Net.Http/tests/EnterpriseTests/HttpClientAuthenticationTest.cs

@@ -11,14 +11,19 @@ namespace System.Net.Http.Enterprise.Tests
     [ConditionalClass(typeof(EnterpriseTestConfiguration), nameof(EnterpriseTestConfiguration.Enabled))]
     public class HttpClientAuthenticationTest
     {
+        private const string AppContextSettingName = "System.Net.Http.UsePortInSpn";
+
         [Theory]
         [InlineData(EnterpriseTestConfiguration.NegotiateAuthWebServer, false)]
-        [InlineData(EnterpriseTestConfiguration.AlternativeService, false)]
+        [InlineData(EnterpriseTestConfiguration.NegotiateAuthWebServerNotDefaultPort, false)]
+        [InlineData(EnterpriseTestConfiguration.AlternativeService, false, true)]
         [InlineData(EnterpriseTestConfiguration.DigestAuthWebServer, true)]
         [InlineData(EnterpriseTestConfiguration.DigestAuthWebServer, false)]
         [InlineData(EnterpriseTestConfiguration.NtlmAuthWebServer, true)]
-        public async Task HttpClient_ValidAuthentication_Success(string url, bool useDomain)
+        public async Task HttpClient_ValidAuthentication_Success(string url, bool useDomain, bool useAltPort = false)
         {
+            // This is safe as we have no parallel tests
+            AppContext.SetSwitch(AppContextSettingName, useAltPort);
             using var handler = new HttpClientHandler();
             handler.Credentials = useDomain ? EnterpriseTestConfiguration.ValidDomainNetworkCredentials : EnterpriseTestConfiguration.ValidNetworkCredentials;
             using var client = new HttpClient(handler);