Add exceptions for invalid inputs/states

src/libraries/System.Net.Security/src/System/Net/Security/NegotiateAuthentication.cs

@@ -23,6 +23,8 @@ public sealed class NegotiateAuthentication : IDisposable
         /// <param name="clientOptions">The property bag for the authentication options.</param>
         public NegotiateAuthentication(NegotiateAuthenticationClientOptions clientOptions)
         {
+            ArgumentNullException.ThrowIfNull(clientOptions);
+
             ContextFlagsPal contextFlags = ContextFlagsPal.Connection | clientOptions.RequiredProtectionLevel switch
             {
                 ProtectionLevel.Sign => ContextFlagsPal.InitIntegrity,
@@ -47,6 +49,8 @@ public NegotiateAuthentication(NegotiateAuthenticationClientOptions clientOption
         /// <param name="serverOptions">The property bag for the authentication options.</param>
         public NegotiateAuthentication(NegotiateAuthenticationServerOptions serverOptions)
         {
+            ArgumentNullException.ThrowIfNull(serverOptions);
+
             ContextFlagsPal contextFlags = ContextFlagsPal.Connection | serverOptions.RequiredProtectionLevel switch
             {
                 ProtectionLevel.Sign => ContextFlagsPal.AcceptIntegrity,
@@ -162,6 +166,10 @@ public IIdentity RemoteIdentity
                 IIdentity? identity = _remoteIdentity;
                 if (identity is null)
                 {
+                    if (!IsAuthenticated)
+                    {
+                        throw new InvalidOperationException(SR.net_auth_noauth);
+                    }
                     if (IsServer)
                     {
                         // Server authentication is not supported on tvOS

src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs

@@ -20,6 +20,24 @@ public class NegotiateAuthenticationTests
         private static NetworkCredential s_testCredentialWrong = new NetworkCredential("rightusername", "wrongpassword");
         private static readonly byte[] s_Hello = "Hello"u8.ToArray();
 
+        [Fact]
+        public void Constructor_Overloads_Validation()
+        {
+            AssertExtensions.Throws<ArgumentNullException>("clientOptions", () => { new NegotiateAuthentication((NegotiateAuthenticationClientOptions)null); });
+            AssertExtensions.Throws<ArgumentNullException>("serverOptions", () => { new NegotiateAuthentication((NegotiateAuthenticationServerOptions)null); });
+        }
+
+        // TODO: Currently fails both on Linux (proceeds with Negotiate) and managed implementation (throws PlatformNotSupportedException)
+        /*[Fact]
+        public void Unsupported_Package()
+        {
+            NegotiateAuthenticationClientOptions clientOptions = new NegotiateAuthenticationClientOptions { Package = "INVALID", Credential = s_testCredentialRight, TargetName = "HTTP/foo" };
+            NegotiateAuthentication negotiateAuthentication = new NegotiateAuthentication(clientOptions);
+            NegotiateAuthenticationStatusCode statusCode;
+            negotiateAuthentication.GetOutgoingBlob((byte[]?)null, out statusCode);
+            Assert.Equal(NegotiateAuthenticationStatusCode.Unsupported, statusCode);
+        }*/
+
         [Fact]
         public void NtlmProtocolExampleTest()
         {