Open deryaza opened 3 months ago
Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones. See info in area-owners.md if you want to be subscribed.
Triage: we usually don't add features that are available only on a particular platform unless we have a strong justification. I will tentatively put this to future for now; we might consider adding this if there are enough upvotes.
This is sad :(
While this API is designed for a specific platform, it will still offer functionality similar to WindowsIdentity on other platforms, which still provides a bit more consistent experience across different environments. Plus, if we are talking about delegation, this API (that can be changed) will provide an abstract way of using WindowsIdentity delegation functionality, abstracting it to IIdentity (because there is no need to cast it to WindowsIdentity and call the RunImpersonated method, just assign it to DelegatedIdentity in NegotiateAuthenticationClientOptions). @rzikm
Background and motivation
From what I understand, the delegated credentials are retrieved in the last parameter of this invocation: https://github.com/dotnet/runtime/blob/main/src/native/libs/System.Net.Security.Native/pal_gssapi.c#L415C1-L426C1
So, as far as I can tell, there is no way to use those since they are discarded.
API Proposal
Make RemoteIdentity property return something like:
and options to accept:
API Usage
Alternative Designs
Probably instead of adding NegotiateAuthenticationClientOptions.DelegatedIdentity, Thread.CurrentPrincipal could be used, but I think it's not as good probably.
Risks
No response