When using Negotiate authentication on a Linux AD domain member with LDAP claim resolution as described at link, the nested groups are resolved multiple times, because in file aspnetcore/src/Security/Authentication/Negotiate/src/Internal/LdapAdapter.cs on line 73 a new HashSet is created in every iteration of the surrounding foreach loop. Furthermore, on Windows the claims contain the SIDs of the groups instead of the names, whereas on Linux only the group names are returned. To allow for more portable code, adding the SIDs would be helpful.
Expected Behavior
Unique group claims should be returned upon authentication.
Object SIDs should be added to the claims to allow for portable claim-based/policy-based authorization.
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
8.0.204
Anything else?
No response
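A small model of the behaviour reported above, added here as an illustration and not taken from LdapAdapter.cs: it resolves nested groups over a constructed in-memory directory, once with a fresh HashSet per top-level group and once with a single set shared across the loop, and reports lookups and duplicate claims for each. The directory contents, the names `Walk` and `Resolve`, the lookup counter, and the use of a list for collected claims are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class NestedGroupDemo
{
    // Constructed sample directory (entry -> direct memberOf); not real AD data.
    static readonly Dictionary<string, string[]> MemberOf = new()
    {
        ["alice"]       = new[] { "Developers", "Testers" },
        ["Developers"]  = new[] { "Engineering" },
        ["Testers"]     = new[] { "Engineering" },
        ["Engineering"] = new[] { "AllStaff" },
        ["AllStaff"]    = Array.Empty<string>(),
    };

    static int lookups; // stands in for the number of LDAP searches issued

    static void Walk(string group, List<string> claims, HashSet<string> visited)
    {
        if (!visited.Add(group)) return; // already resolved within this set's scope
        lookups++;
        claims.Add(group);
        foreach (var parent in MemberOf[group])
            Walk(parent, claims, visited);
    }

    // sharedSet = false: a new HashSet per top-level group (the reported behaviour).
    // sharedSet = true:  one HashSet for the whole resolution.
    public static (List<string> Claims, int Lookups) Resolve(string user, bool sharedSet)
    {
        lookups = 0;
        var claims = new List<string>();
        var shared = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (var group in MemberOf[user])
        {
            var visited = sharedSet ? shared : new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            Walk(group, claims, visited);
        }
        return (claims, lookups);
    }

    static void Main()
    {
        foreach (var sharedSet in new[] { false, true })
        {
            var (claims, n) = Resolve("alice", sharedSet);
            var dupes = claims.Count - claims.Distinct().Count();
            Console.WriteLine($"sharedSet={sharedSet}: lookups={n}, duplicates={dupes}, claims=[{string.Join(", ", claims)}]");
        }
    }
}
```

Because the two top-level groups share a parent chain, the per-iteration set walks that chain once per top-level group, while the shared set walks it once in total.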