Skip to content

use port in SPN calculation if not default #40860

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 17, 2020
Merged

use port in SPN calculation if not default #40860

merged 3 commits into from
Aug 17, 2020

Conversation

@wfurt
Copy link
Member

@wfurt wfurt commented Aug 14, 2020

It seems like we should use port in SPN if not default. At least that what framework did.
I added code to do that if Host header is not present. If it is, we would still prefer it and that should allow some customization until we have API to set SPN explicitly (or have mapper like Framework did)

Long term, we may add some code to probe if given SPN exist and possibly fallback to alternatives when it does not.

As far as the test, I added new instance of the same container. When I had simply to services on the same machine, test code worked even if we did not use the port.

As the configuration got more complicated, patching config via sed is more tricky. So instead, I submitted what is outcome of old code and I modified that directly. There could be more cleanup and I want to add NTLM as well but for now I keep it only with necessary changes.

fixes #36644

cc: @SteveSyfuhs

@wfurt wfurt requested a review from a team August 14, 2020 21:40
@wfurt wfurt self-assigned this Aug 14, 2020
@ghost
Copy link

ghost commented Aug 14, 2020

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

geoffkizer
geoffkizer reviewed Aug 15, 2020
View reviewed changes
...raries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
hostName = result.HostName;
}

if (!isProxyAuth && !authUri.IsDefaultPort)
Copy link
Contributor

@geoffkizer geoffkizer Aug 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not for proxy auth?

If it's just to minimize change, then we should add a comment about this. Actually we should probably add a comment regardless.

Copy link
Member Author

@wfurt wfurt Aug 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it was minimize the change. I was not sure but since nobody complained about proxies, I left it as it was.
I'm also not sure if the the proxy default port would match web server port.

Copy link
Contributor

@geoffkizer geoffkizer Aug 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Can we add a comment?

@wfurt
Copy link
Member Author

wfurt commented Aug 17, 2020

all tests passing now.

@jaredpar jaredpar mentioned this pull request Aug 17, 2020
Closed
@wfurt wfurt merged commit 13198a5 into dotnet:master Aug 17, 2020
@wfurt wfurt deleted the spnPort_36644 branch August 17, 2020 21:43
@ghost ghost locked as resolved and limited conversation to collaborators Dec 7, 2020
@karelz karelz added this to the 5.0.0 milestone Jan 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

3 more reviewers

@geoffkizer geoffkizer geoffkizer left review comments

@SteveSyfuhs SteveSyfuhs SteveSyfuhs approved these changes

@scalablecory scalablecory scalablecory approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@wfurt wfurt

Labels

area-System.Net.Http

Projects

None yet

Milestone

5.0.0

Development

Successfully merging this pull request may close these issues.

Possible bug in AuthenticationHelper

5 participants

@wfurt @SteveSyfuhs @scalablecory @geoffkizer @karelz