search

dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License
35.52k stars 10.04k forks source link

Improve Kerberos-based auth experience #27527

Open mkArtakMSFT opened 4 years ago

mkArtakMSFT commented 4 years ago

Summary

We've seen some feedback indicating that Kerberos auth is not usable in some E2E scenarios (@Tratcher can you please clarify this as none of the attendees of the meeting have context about this). This issue tracks the work to identify all those experiences and later decide which ones we would like to address in 6.0 timeframe.

@blowdart thinks that this may be related to authentication delegation to SQL.

People with more context

@Tratcher, @JunTaoLuo

Motivation and goals

The initial 3.x Negotiate handler provided only minimal functionality on linux. In 5.0 @JunTaoLuo did work to expand that to include roles. However, none of the partners have been able to validate the new 5.0 features yet, so we're still expecting feedback that we may need to address.

We're also still waiting for a proper Negotiate API from the runtime. We've been using reflection since 3.x. https://github.com/dotnet/runtime/issues/29270

There have also been asks about delegating to SQL cross platform.

In scope

A list of major scenarios, perhaps in priority order.

Out of scope

Scenarios you explicitly want to exclude.

Risks / unknowns

How might developers misinterpret/misuse this? How might implementing it restrict us from other enhancements in the future? Also list any perf/security/correctness concerns.

Examples

Give brief examples of possible developer experiences (e.g., code they would write).

Don't be deeply concerned with how it would be implemented yet. Your examples could even be from other technology stacks.

ghost commented 4 years ago

Thanks for contacting us. We're moving this issue to the Next sprint planning milestone for future evaluation / consideration. We will evaluate the request when we are planning the work for the next milestone. To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

adityamandaleeka commented 2 years ago

@blowdart Looks like this hasn't been addressed for a couple of years. Is this something we want to invest in for 8 or should we just close it?

ghost commented 2 years ago

We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.

mkArtakMSFT commented 2 years ago

Moving to Backlog until the decision is made.