Skip to content

Implement NegotiateAuthentication API #70720

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
wfurt merged 28 commits into from
Jun 21, 2022
Merged

Implement NegotiateAuthentication API #70720

Changes from 1 commit
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
4ac2501
WIP: Add implementation of NegotiateAuthentication
filipnavara Jun 3, 2022
c7a6bce
WIP: Update error code mapping
filipnavara Jun 4, 2022
5d5c61f
Spanify input of GetOutgoingBlob
filipnavara Jun 4, 2022
d0d1bba
Update comments
filipnavara Jun 4, 2022
982e7c3
Move NegotiateStreamPal.Encrypt/Decrypt to shared sources. Unix imple…
filipnavara Jun 4, 2022
cbd24a2
Revert accidental change
filipnavara Jun 4, 2022
9d4d557
Build fixes.
filipnavara Jun 4, 2022
c371515
Fix error handling condition
filipnavara Jun 4, 2022
3306c67
Update error mapping based on HttpListener usage.
filipnavara Jun 4, 2022
065d87c
WIP: HttpListener test
filipnavara Jun 7, 2022
447020a
Move workaround from HttpListener to low-level SSPI code
filipnavara Jun 7, 2022
bed08fa
Fix build
filipnavara Jun 14, 2022
318ca06
Clean up
filipnavara Jun 14, 2022
5474811
Revert "WIP: HttpListener test"
filipnavara Jun 14, 2022
4cdb8af
Convert System.Net.Http.FunctionalTests to use NegotiateAuthenticatio…
filipnavara Jun 14, 2022
34e47c4
Dispose the identity along NegotiateAuthentication
filipnavara Jun 14, 2022
73ac446
Modify unit tests to use the new API
filipnavara Jun 14, 2022
7e85f10
Add exceptions for invalid inputs/states
filipnavara Jun 14, 2022
7c870bd
Remove tvOS unsupported marker, managed NTLM is used on tvOS
filipnavara Jun 16, 2022
1bd0cde
Apply suggestions from code review
filipnavara Jun 14, 2022
e93f073
Fix typo
filipnavara Jun 14, 2022
5aae44d
Remove reference equality checks from IsNTLM/IsKerberos
filipnavara Jun 16, 2022
b746590
Remove NTAuthentication.AssociatedName to make it more obvious which …
filipnavara Jun 16, 2022
dd7dd9a
Add comment
filipnavara Jun 16, 2022
39a43b2
Add more tests, handle unsupported protocols
filipnavara Jun 16, 2022
9a4ccdf
Handle NotSupportedException from NTAuthentication constructor
filipnavara Jun 16, 2022
e86ce79
Add workaround for linker issue
filipnavara Jun 17, 2022
ffed0be
Apply suggestions from code review
filipnavara Jun 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Move workaround from HttpListener to low-level SSPI code
  • Loading branch information
@filipnavara
filipnavara authored Jun 16, 2022
commit 447020a5441fc330ee38cc0b5c3922530a4f171f
8 changes: 8 additions & 0 deletions src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.Windows.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,14 @@ internal static SecurityStatusPal AcceptSecurityContext(
ref outSecurityBuffer,
ref outContextFlags);

// SSPI Workaround
// If a client sends up a blob on the initial request, Negotiate returns SEC_E_INVALID_HANDLE
// when it should return SEC_E_INVALID_TOKEN.
if (winStatus == Interop.SECURITY_STATUS.InvalidHandle && securityContext == null && !incomingBlob.IsEmpty)
{
winStatus = Interop.SECURITY_STATUS.InvalidToken;
}

resultBlob = outSecurityBuffer.token;
securityContext = sslContext;
contextFlags = ContextFlagsAdapterPal.GetContextFlagsPalFromInterop(outContextFlags);
Expand Down