author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-03-11 02:03:28 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-11 02:03:28 +0300 |
commit | 14ee76b50f0206bde7a567baf1d2fb9e953e0737 (patch) | |
tree | f6ad1ced7d0e8fb085d5f88aa67f67d9ec5a3b3d | |
parent | 4afa6710e8b929a4bc8744f7e6c402ec0782e98b (diff) |
Fix compatibility with NTLM authentication to McAfee Web Gateway (#66315)
Co-authored-by: Filip Navara <navara@emclient.com>
-rw-r--r-- | src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
index 52edbb5a80c..0d5447abf65 100644
--- a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
+++ b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
@@ -154,8 +154,19 @@ namespace System.Net.Http
 NetEventSource.Info(connection, $"Authentication: {challenge.AuthenticationType}, SPN: {spn}");
 }
+ ContextFlagsPal contextFlags = ContextFlagsPal.Connection;
+ // When connecting to proxy server don't enforce the integrity to avoid
+ // compatibility issues. The assumption is that the proxy server comes
+ // from a trusted source. On macOS we always need to enforce the integrity
+ // to avoid the GSSAPI implementation generating corrupted authentication
+ // tokens.
+ if (!isProxyAuth || OperatingSystem.IsMacOS())
+ {
+ contextFlags |= ContextFlagsPal.InitIntegrity;
+ }
+ ChannelBinding? channelBinding = connection.TransportContext?.GetChannelBinding(ChannelBindingKind.Endpoint);
- NTAuthentication authContext = new NTAuthentication(isServer: false, challenge.SchemeName, challenge.Credential, spn, ContextFlagsPal.Connection | ContextFlagsPal.InitIntegrity, channelBinding);
+ NTAuthentication authContext = new NTAuthentication(isServer: false, challenge.SchemeName, challenge.Credential, spn, contextFlags, channelBinding);
 string? challengeData = challenge.ChallengeData;
 try { |
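Review bot: The new guard `if (!isProxyAuth || OperatingSystem.IsMacOS())` stops requesting `ContextFlagsPal.InitIntegrity` for every proxy challenge that reaches this path, whatever `challenge.SchemeName` is, while the commit title describes an NTLM compatibility problem with one gateway product. If the relaxation is meant for NTLM only, the condition should say so; if it is intended for the other scheme(s) handled here as well, the comment should state that explicitly. The justification in the comment ("the proxy server comes from a trusted source") is an assumption that nothing in the visible code checks, so I would record the trade-off next to the flag, e.g. `// NOTE: integrity is deliberately not requested for proxy auth (except on macOS); this relies on the configured proxy being trusted.` No test accompanies the change (one file changed), so a case asserting which flags are passed to `NTAuthentication` for proxy and non-proxy requests would keep the weaker setting from spreading silently. The enclosing method starts and ends outside this hunk.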