This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
[release/2.1] Port Kerberos auth fixes to 2.1 branch #40109
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR ports some important Kerberos auth fixes from the 3.0 to 2.1 LTS branch. These fixes help enterprise customers that have complex Kerberos authentication scenarios that involve cross Windows (Active Directory) and Linux (Kerberos) domains/realms. These fixes are from PRs: * dotnet#38465 - Use 'Host' header when calculating SPN for Kerberos auth * dotnet#38377 - Use GSS_C_NT_HOSTBASED_SERVICE format for Linux Kerberos SPN and are related to issue dotnet#36329.
davidsh
added
tenet-compatibility
DescriptionCustomers that use Kerberos authentication with mixed Windows and Linux domains/realms are unable to use HttpClient or SqlClient. The requests are currently failing due to incorrect SPNs (Service Principal Name) being used during Negotiate/SPNEGO protocol. Customer ImpactWithout these fixes, important enterprise customers are unable to use HttpClient or SqlClient in these environments. Regression?Yes from .NET Core 2.0 (i.e. before SocketsHttpHandler was used). RiskLow. Fixes were manually tested in separate enterprise testing environment. A private build of these fixes was also tested in the customer's environment. |
davidsh
changed the title
stephentoub
reviewed
Aug 7, 2019
src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
Show resolved
Hide resolved
stephentoub
reviewed
Aug 7, 2019
src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
Show resolved
Hide resolved
stephentoub
approved these changes
Aug 7, 2019
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
approved offline |
|
Need mirroring into 2.2 before starting 2.2. build |
davidsh
added
Servicing-approved
wtgodbe
pushed a commit
that referenced
this pull request
Aug 8, 2019
* Update BuildTools to rc1-04230-01 * Port Kerberos auth fixes to 2.1 branch (#40109) This PR ports some important Kerberos auth fixes from the 3.0 to 2.1 LTS branch. These fixes help enterprise customers that have complex Kerberos authentication scenarios that involve cross Windows (Active Directory) and Linux (Kerberos) domains/realms. These fixes are from PRs: * #38465 - Use 'Host' header when calculating SPN for Kerberos auth * #38377 - Use GSS_C_NT_HOSTBASED_SERVICE format for Linux Kerberos SPN and are related to issue #36329.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR ports some important Kerberos auth fixes from the 3.0 to 2.1 LTS
branch. These fixes help enterprise customers that have complex Kerberos
authentication scenarios that involve cross Windows (Active Directory)
and Linux (Kerberos) domains/realms.
These fixes are from PRs:
and are related to issue #36329.