dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/

Authentication is failing for domain user while connecting winrm with Negotiate auth type from the Ubuntu Linux #108878

Open gkna opened 1 week ago

gkna commented 1 week ago

Description

I am trying to establish a connection with WinRM using a domain user and the Negotiate authentication type, and it is failing with a 401 error. Below is the code I have used for the connection.

using System.Net;
using System.Text;

// UserName, Password, Domain and soapEnvelope are defined elsewhere in the application.
string myUri = "https://x.x.x.x:5986/wsman";
var handler = new HttpClientHandler
{
    PreAuthenticate = true,
    UseProxy = false,
    UseDefaultCredentials = false,
    // Explicit domain credentials, registered for the Negotiate scheme only.
    Credentials = new CredentialCache
    {
        { new Uri(myUri), "Negotiate", new NetworkCredential(UserName, Password, Domain) }
    },
    // Accepts any server certificate: TLS certificate validation is disabled.
    ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true
};

using HttpClient client = new(handler);
try
{
    // POST the WS-Management SOAP envelope to the WinRM HTTPS listener.
    var content = new StringContent(soapEnvelope, Encoding.UTF8, "application/soap+xml");
    HttpResponseMessage response = await client.PostAsync(myUri, content);
    response.EnsureSuccessStatusCode(); // throws HttpRequestException on the 401
    string result = await response.Content.ReadAsStringAsync();
    Console.WriteLine(result);
}
catch (HttpRequestException e)
{
    Console.WriteLine($"Request error: {e.Message}");
}

And I added the code below to the .csproj:

<PropertyGroup>
    <_UseManagedNtlm>true</_UseManagedNtlm>
</PropertyGroup>

Environment Details:
dotnet version: 9.0.100-rc.2.24474.11
Operating System: VERSION="22.04.4 LTS (Jammy Jellyfish)"

The above code is working from Windows but failing from Ubuntu Linux. Do we need to fix anything here to make it work for Ubuntu?

Reproduction Steps

As shown in the description, use the same code to reproduce.

Expected behavior

Authentication should be successful for the domain user from Ubuntu Linux.

Actual behavior

It is failing with a 401 (Unauthorised) error.

Regression?

No response

Known Workarounds

No response

Configuration

dotnet version: 9.0.100-rc.2.24474.11

root@0421590# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Other information

No response

dotnet-policy-service[bot] commented 1 week ago

Tagging subscribers to this area: @dotnet/ncl See info in area-owners.md if you want to be subscribed.

dotnet-policy-service[bot] commented 1 week ago

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones See info in area-owners.md if you want to be subscribed.

wfurt commented 1 week ago

It would be good to get packet captures for both the successful and the failing request. Did you try the native GSSAPI implementation before jumping to managed, @gkna? (It needs the ntlm ssp package.)

gkna commented 5 days ago

Thanks a lot for the response, @wfurt. Please find the attached packet captures (packet.zip). Captured for Ubuntu (failure, negotiate) and Windows (success, negotiate).

Our native Windows app works using managed; now our app is supporting Linux-based operating systems, which is not working. It would be helpful if the same worked for Linux too.

I am exploring the GSSAPI option; I have to check whether it meets our requirement.
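Added example (not part of the thread and not code from the .NET runtime): when comparing a working and a failing capture as requested above, a quick first check is which mechanisms the client's first `Authorization: Negotiate` token actually offers. The sketch below classifies such a header value as raw NTLM or a SPNEGO NegTokenInit and lists the offered mechanisms in preference order. It assumes the header value was taken from a decrypted capture or a client-side trace (port 5986 is TLS), and the sample tokens are constructed here, not taken from packet.zip.

```python
import base64
import struct

# DER-encoded OID contents for mechanisms commonly offered under HTTP Negotiate.
SPNEGO = bytes.fromhex("2b0601050502")            # 1.3.6.1.5.5.2
NTLM_OID = bytes.fromhex("2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
KRB_OID = bytes.fromhex("2a864886f712010202")     # 1.2.840.113554.1.2.2
MECHS = {NTLM_OID: "NTLM", KRB_OID: "Kerberos",
         bytes.fromhex("2a864882f712010202"): "MS-Kerberos"}  # 1.2.840.48018.1.2.2

def read_tlv(buf, pos):
    """Parse one DER element at buf[pos]; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def classify_negotiate(header_value):
    """Describe the first client token of an 'Authorization: Negotiate <b64>' value."""
    token = base64.b64decode(header_value.strip().partition(" ")[2])
    if token.startswith(b"NTLMSSP\x00"):  # NTLM sent without a SPNEGO wrapper
        ntlm_type = struct.unpack_from("<I", token, 8)[0]
        return {"wrapper": "raw-ntlm", "ntlm_type": ntlm_type, "mechs": ["NTLM"]}
    tag, body, _ = read_tlv(token, 0)
    if tag != 0x60:  # not a GSS-API InitialContextToken
        return {"wrapper": "unknown", "mechs": []}
    _, oid, pos = read_tlv(body, 0)  # thisMech OID
    if oid != SPNEGO:  # e.g. a bare Kerberos token
        return {"wrapper": "gss", "mechs": [MECHS.get(oid, oid.hex())]}
    _, neg_init, _ = read_tlv(body, pos)       # [0] NegTokenInit
    _, seq, _ = read_tlv(neg_init, 0)          # SEQUENCE
    _, mech_field, _ = read_tlv(seq, 0)        # [0] mechTypes
    _, mech_list, _ = read_tlv(mech_field, 0)  # SEQUENCE OF OID
    mechs, pos = [], 0
    while pos < len(mech_list):  # listed in client preference order
        _, oid, pos = read_tlv(mech_list, pos)
        mechs.append(MECHS.get(oid, oid.hex()))
    return {"wrapper": "spnego", "mechs": mechs}

def der(tag, value):
    """Build a short-form DER element (used only for the constructed samples)."""
    return bytes([tag, len(value)]) + value

# Constructed samples: an NTLM type 1 message and a SPNEGO offer of Kerberos, then NTLM.
SAMPLE_RAW_NTLM = "Negotiate " + base64.b64encode(
    b"NTLMSSP\x00" + struct.pack("<II", 1, 0xE2088297)).decode()
_offer = der(0x30, der(0x06, KRB_OID) + der(0x06, NTLM_OID))
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(
    der(0x60, der(0x06, SPNEGO) + der(0xA0, der(0x30, der(0xA0, _offer))))).decode()
```

Running `classify_negotiate` on the first `Authorization` header from each capture shows whether the two clients differ in wrapper or offered mechanisms before any deeper NTLM or Kerberos analysis.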