Skip to content

Expose SSPI context provider as public #2494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Expose SSPI context provider as public #2494

wants to merge 5 commits into from

Conversation

twsouthwick
Copy link
Member

@twsouthwick twsouthwick commented May 8, 2024
edited
Loading

This change:

  • Adds a property to SqlConnection to allow setting a provider
  • Plumbs that property into the TdsParser so that it can be used if set

Fixes #2253

@twsouthwick twsouthwick mentioned this pull request May 8, 2024
Open
10 tasks
@twsouthwick twsouthwick changed the title Expose SSPI context provider as public Expose SSPI context provider as public May 8, 2024
@twsouthwick twsouthwick force-pushed the public branch 3 times, most recently from e16f2c8 to cfcf164 Compare March 3, 2025 19:42
@codecov Codecov
Copy link

codecov bot commented Mar 3, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.06%. Comparing base (63443f4) to head (ee6c4cf).

❗ There is a different number of reports uploaded between BASE (63443f4) and HEAD (ee6c4cf). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (63443f4) HEAD (ee6c4cf)
addons 1 0
Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #2494       +/-   ##
===========================================
- Coverage   69.90%   59.06%   -10.84%     
===========================================
  Files         276      270        -6     
  Lines       62414    62098      -316     
===========================================
- Hits        43629    36677     -6952     
- Misses      18785    25421     +6636
Flag Coverage Δ
addons ?
netcore 61.71% <ø> (-11.13%) ⬇️
netfx 62.71% <ø> (-6.91%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

nhart12
nhart12 reviewed Mar 11, 2025
View reviewed changes
nhart12
nhart12 reviewed Mar 11, 2025
View reviewed changes
benrr101
benrr101 requested changes Apr 2, 2025
View reviewed changes
Copy link
Contributor

@benrr101 benrr101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, really like the goal and implementation. Most of my comments are style related, since I'm sure my colleagues have tackled the bigger questions.

paulmedynski
paulmedynski requested changes Apr 2, 2025
View reviewed changes
Copy link
Contributor

@paulmedynski paulmedynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made an initial pass, and came up with some questions/comments.

@paulmedynski paulmedynski self-assigned this Apr 2, 2025
@twsouthwick twsouthwick force-pushed the public branch 6 times, most recently from 380e896 to 2039bd9 Compare May 1, 2025 19:37
paulmedynski
paulmedynski requested changes May 13, 2025
View reviewed changes
Copy link
Contributor

@paulmedynski paulmedynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Factory vs instance in the netfx code, and a few questions about docs.

@twsouthwick twsouthwick force-pushed the public branch 4 times, most recently from 5bb128f to 8937cb7 Compare May 13, 2025 14:58
@twsouthwick twsouthwick marked this pull request as ready for review May 13, 2025 18:40
nhart12
nhart12 approved these changes May 13, 2025
View reviewed changes
Copy link

@nhart12 nhart12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Latest package still works for our use-case

paulmedynski
paulmedynski previously approved these changes Jul 9, 2025
View reviewed changes
@paulmedynski
Copy link
Contributor

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 2 pipeline(s).

@twsouthwick
Copy link
Member Author

@paulmedynski @mdaigle the two failures look to be test failures with sql server setup. otherwise it's ready again

@twsouthwick
Copy link
Member Author

@mdaigle @paulmedynski any updates on timing here? Are we still waiting for a security review?

@mdaigle
Copy link
Contributor

mdaigle commented Jul 23, 2025

@twsouthwick yes, we still need to set up a security review. We had originally planned on doing that for the 6.1 release but opted to avoid security sensitive changes. I'm hoping I'll have a chance soon to update out threat model diagrams for this feature and then schedule a feature specific review.

mdaigle
mdaigle previously approved these changes Jul 23, 2025
View reviewed changes
@twsouthwick
Copy link
Member Author

@mdaigle I've created a separate PR to make the non-public changes so that future merge conflicts are minimal: #3511

paulmedynski
paulmedynski reviewed Sep 22, 2025
View reviewed changes
Copy link
Contributor

@paulmedynski paulmedynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How hard would it be to implement the positive test Malcolm suggests?

...SqlClient/tests/ManualTests/SQL/IntegratedAuthenticationTest/IntegratedAuthenticationTest.cs
{
conn.Open();

Assert.Fail("Expected to use custom SSPI context provider");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should be able to use the test TDS Server for this. Implement a custom SSPI provider in the driver that just sends "Foo", have the TDS Server check for "Foo" and send back "Bar", and then have the custom provider check for "Bar" and complete the Open().

@Copilot Copilot AI review requested due to automatic review settings October 8, 2025 16:59
Copilot
Copilot AI reviewed Oct 8, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR exposes the SSPI context provider as a public API to allow custom authentication implementations. The change makes the SspiContextProvider class and related types public so that developers can implement custom SSPI authentication logic.

  • Converts internal SSPI-related classes to public APIs with proper documentation
  • Adds a public property to SqlConnection for setting custom SSPI context providers
  • Includes comprehensive test coverage for the new functionality

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
SspiContextProvider.cs Made class public and added XML documentation includes
SspiAuthenticationParameters.cs Made class public with documentation includes for all properties
SqlConnection.cs (netfx & netcore) Changed SspiContextProvider property from internal to public
Microsoft.Data.SqlClient.cs (ref files) Added public API definitions for both netfx and netcore
IntegratedAuthenticationTest.cs Added test for custom SSPI context provider functionality
Microsoft.Data.SqlClient.sln Added new documentation files to solution
SspiContextProvider.xml New XML documentation for SspiContextProvider
SspiAuthenticationParameters.xml New XML documentation for SspiAuthenticationParameters
SqlConnection.xml Added documentation for SspiContextProvider property

doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml
Gets or sets the <see cref="SspiContextProvider"/> instance for customizing the SSPI context. If not set, the default for the platform will be used.
</summary>
<value>
An <see cref="T:Micorosft.Data.SqlClient.SspiContextProvider" /> instance.
Copy link

Copilot AI Oct 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Corrected spelling of 'Micorosft' to 'Microsoft'.

Suggested change
An <see cref="T:Micorosft.Data.SqlClient.SspiContextProvider" /> instance.
An <see cref="T:Microsoft.Data.SqlClient.SspiContextProvider" /> instance.

Copilot uses AI. Check for mistakes.

@benrr101
Copy link
Contributor

benrr101 commented Oct 8, 2025
edited
Loading

@twsouthwick I took the liberty of resolving the merge conflict. I'd like to try and get this in by end of week, but I get that's gonna be tight. nevermind we'll get it in ... someday

@mdaigle mdaigle added the Partner Approval Needed 🤝 Issues/PRs that require approval/feedback from partner teams label Oct 8, 2025
@mdaigle
Copy link
Contributor

mdaigle commented Oct 8, 2025

@benrr101 we still need a threat model review before we can take this change

@benrr101 benrr101 modified the milestones: 7.0-preview2, 7.0.0 Oct 8, 2025
@cheenamalhotra cheenamalhotra modified the milestones: 7.0.0, 7.0.0-preview3 Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@paulmedynski paulmedynski paulmedynski approved these changes

@mdaigle mdaigle mdaigle left review comments

@benrr101 benrr101 Awaiting requested review from benrr101

@David-Engel David-Engel Awaiting requested review from David-Engel

+1 more reviewer

@nhart12 nhart12 nhart12 approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

@paulmedynski paulmedynski

Labels

Partner Approval Needed 🤝 Issues/PRs that require approval/feedback from partner teams

Projects

None yet

Milestone

7.0.0-preview3

Development

Successfully merging this pull request may close these issues.

Add hook for custom SSPI context for SqlConnection instances

7 participants

@twsouthwick @paulmedynski @mdaigle @benrr101 @nhart12 @David-Engel @cheenamalhotra