projects / platform / upstream / dotnet / runtime.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4afa671)
Fix compatibility with NTLM authentication to McAfee Web Gateway (#66315)
authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Thu, 10 Mar 2022 23:03:28 +0000 (15:03 -0800)
committerGitHub <noreply@github.com>
Thu, 10 Mar 2022 23:03:28 +0000 (15:03 -0800)
Co-authored-by: Filip Navara <navara@emclient.com>
src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs patch | blob | history

diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
index 52edbb5a80cbac47f09fa4b59c9e765212a34dc1..0d5447abf659cdc17b4fdb4afd2b94cf341d3f6a 100644 (file)
--- a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
+++ b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
@@ -154,8 +154,19 @@ namespace System.Net.Http
                             NetEventSource.Info(connection, $"Authentication: {challenge.AuthenticationType}, SPN: {spn}");
                         }
 
+                        ContextFlagsPal contextFlags = ContextFlagsPal.Connection;
+                        // When connecting to proxy server don't enforce the integrity to avoid
+                        // compatibility issues. The assumption is that the proxy server comes
+                        // from a trusted source. On macOS we always need to enforce the integrity
+                        // to avoid the GSSAPI implementation generating corrupted authentication
+                        // tokens.
+                        if (!isProxyAuth || OperatingSystem.IsMacOS())
+                        {
+                            contextFlags |= ContextFlagsPal.InitIntegrity;
+                        }
+
                         ChannelBinding? channelBinding = connection.TransportContext?.GetChannelBinding(ChannelBindingKind.Endpoint);
-                        NTAuthentication authContext = new NTAuthentication(isServer: false, challenge.SchemeName, challenge.Credential, spn, ContextFlagsPal.Connection | ContextFlagsPal.InitIntegrity, channelBinding);
+                        NTAuthentication authContext = new NTAuthentication(isServer: false, challenge.SchemeName, challenge.Credential, spn, contextFlags, channelBinding);
                         string? challengeData = challenge.ChallengeData;
                         try
                         {
Domain: Dotnet / Core;