Closed awakecoding closed 1 year ago
Adding a dependency on the ehttp
crate in sspi-rs is probably not required. Instead, the NetworkClient
trait may be implemented downstream like in this draft PR for IronRDP: https://github.com/Devolutions/IronRDP/pull/154 (where gloo-net is used instead, since we already had this dependency before)
However, some API modification on sspi-rs side is required. See FIXME comments.
NetworkClient
trait should provide another method to advertise available network methods (in our case, only HTTP is supported)
NetworClient::send_http
method should be updated so that implementer don’t need to re-implement the ASN.1 DER encoding / decoding dance himself (this logic can be extracted in sspi-rs itself)
Those are only suggestions, another approach may be discussed and implemented instead if resulting in a better API usability.
In order to support Kerberos in the IronRDP web client, we need a proper build with the sspi-rsnetwork_client feature enabled. KDC detection is not required, since we'll inject a KDC proxy URL (https) into IronRDP, and we need a way to pass it down to sspi-rs through the Rust APIs to be used properly. Once we have this, web-based, RDP connections through the Devolutions Gateway should be able to use Kerberos properly.
Draft PR enabling the missing features: https://github.com/Devolutions/IronRDP/pull/154
If reqwest is a problem for in-browser blocking HTTP calls, the new ehttp crate can be used instead.