dotnet
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj
Lines changed: 9 additions & 6 deletions b/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj
Lines changed: 9 additions & 6 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs
Lines changed: 2 additions & 2 deletions b/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectManaged.cs
Lines changed: 2 additions & 2 deletions b/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectManaged.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs
Lines changed: 1 addition & 1 deletion b/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj
Lines changed: 9 additions & 6 deletions b/‎src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj
Lines changed: 9 additions & 6 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs
Lines changed: 2 additions & 2 deletions b/‎src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs
Lines changed: 1 addition & 1 deletion b/‎src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs renamed to ‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSspiContextProvider.cs
Lines changed: 6 additions & 4 deletions b/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs renamed to ‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSspiContextProvider.cs
Lines changed: 6 additions & 4 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs
Lines changed: 0 additions & 45 deletions b/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs
Lines changed: 0 additions & 45 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSspiContextProvider.cs
Lines changed: 36 additions & 0 deletions b/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSspiContextProvider.cs
Lines changed: 36 additions & 0 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs
Lines changed: 0 additions & 58 deletions b/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs
Lines changed: 0 additions & 58 deletions
diff --git a/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs
Lines changed: 23 additions & 0 deletions b/‎src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs
Lines changed: 23 additions & 0 deletions
@@ -656,11 +656,14 @@
     <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SqlUtil.cs">
       <Link>Microsoft\Data\SqlClient\SqlUtil.cs</Link>
     </Compile>
-    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\NegotiateSSPIContextProvider.cs">
-      <Link>Microsoft\Data\SqlClient\SSPI\NegotiateSSPIContextProvider.cs</Link>
+    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\NegotiateSspiContextProvider.cs">
+      <Link>Microsoft\Data\SqlClient\SSPI\NegotiateSspiContextProvider.cs</Link>
     </Compile>
-    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\SSPIContextProvider.cs">
-      <Link>Microsoft\Data\SqlClient\SSPI\SSPIContextProvider.cs</Link>
+    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\SspiContextProvider.cs">
+      <Link>Microsoft\Data\SqlClient\SSPI\SspiContextProvider.cs</Link>
+    </Compile>
+    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\SspiAuthenticationParameters.cs">
+      <Link>Microsoft\Data\SqlClient\SSPI\SspiAuthenticationParameters.cs</Link>
     </Compile>
     <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\Utilities\ObjectPool.cs">
       <Link>Microsoft\Data\SqlClient\Utilities\ObjectPool.cs</Link>
@@ -887,8 +890,8 @@
     <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SqlColumnEncryptionCspProvider.Windows.cs">
       <Link>Microsoft\Data\SqlClient\SqlColumnEncryptionCspProvider.Windows.cs</Link>
     </Compile>
-    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\NativeSSPIContextProvider.cs">
-      <Link>Microsoft\Data\SqlClient\SSPI\NativeSSPIContextProvider.cs</Link>
+    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\NativeSspiContextProvider.cs">
+      <Link>Microsoft\Data\SqlClient\SSPI\NativeSspiContextProvider.cs</Link>
     </Compile>
     <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SqlColumnEncryptionCertificateStoreProvider.Windows.cs">
       <Link>Microsoft\Data\SqlClient\SqlColumnEncryptionCertificateStoreProvider.Windows.cs</Link>
 
@@ -44,7 +44,7 @@ internal sealed partial class TdsParser
         private static int _objectTypeCount; // EventSource counter
         private readonly SqlClientLogger _logger = new SqlClientLogger();
 
-        private SSPIContextProvider _authenticationProvider;
+        private SspiContextProvider _authenticationProvider;
 
         internal readonly int _objectID = Interlocked.Increment(ref _objectTypeCount);
         internal int ObjectID => _objectID;
@@ -413,7 +413,7 @@ internal void Connect(ServerInfo serverInfo,
             // AD Integrated behaves like Windows integrated when connecting to a non-fedAuth server
             if (integratedSecurity || authType == SqlAuthenticationMethod.ActiveDirectoryIntegrated)
             {
-                _authenticationProvider = _physicalStateObj.CreateSSPIContextProvider();
+                _authenticationProvider = _physicalStateObj.CreateSspiContextProvider();
                 SqlClientEventSource.Log.TryTraceEvent("TdsParser.Connect | SEC | SSPI or Active Directory Authentication Library loaded for SQL Server based integrated authentication");
             }
 
 
@@ -407,7 +407,7 @@ private SNIHandle GetSessionSNIHandleHandleOrThrow()
         [MethodImpl(MethodImplOptions.NoInlining)] // this forces the exception throwing code not to be inlined for performance
         private void ThrowClosedConnection() => throw ADP.ClosedConnectionError();
 
-        internal override SSPIContextProvider CreateSSPIContextProvider()
-            => new NegotiateSSPIContextProvider();
+        internal override SspiContextProvider CreateSspiContextProvider()
+            => new NegotiateSspiContextProvider();
     }
 }
@@ -449,7 +449,7 @@ internal override void DisposePacketCache()
             }
         }
 
-        internal override SSPIContextProvider CreateSSPIContextProvider() => new NativeSSPIContextProvider();
+        internal override SspiContextProvider CreateSspiContextProvider() => new NativeSspiContextProvider();
 
         internal sealed class WritePacketCache : IDisposable
         {
 
@@ -354,14 +354,17 @@
     <Compile Include="$(CommonSourceRoot)Resources\ResCategoryAttribute.cs">
       <Link>Resources\ResCategoryAttribute.cs</Link>
     </Compile>
-    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\NativeSSPIContextProvider.cs">
-      <Link>Microsoft\Data\SqlClient\SSPI\NativeSSPIContextProvider.cs</Link>
+    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\NativeSspiContextProvider.cs">
+      <Link>Microsoft\Data\SqlClient\SSPI\NativeSspiContextProvider.cs</Link>
     </Compile>
-    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\NegotiateSSPIContextProvider.cs">
-      <Link>Microsoft\Data\SqlClient\SSPI\NegotiateSSPIContextProvider.cs</Link>
+    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\NegotiateSspiContextProvider.cs">
+      <Link>Microsoft\Data\SqlClient\SSPI\NegotiateSspiContextProvider.cs</Link>
     </Compile>
-    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\SSPIContextProvider.cs">
-      <Link>Microsoft\Data\SqlClient\SSPI\SSPIContextProvider.cs</Link>
+    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\SspiContextProvider.cs">
+      <Link>Microsoft\Data\SqlClient\SSPI\SspiContextProvider.cs</Link>
+    </Compile>
+    <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SSPI\SspiAuthenticationParameters.cs">
+      <Link>Microsoft\Data\SqlClient\SSPI\SspiAuthenticationParameters.cs</Link>
     </Compile>
     <Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\TdsParser.cs">
       <Link>Microsoft\Data\SqlClient\TdsParser.cs</Link>
 
@@ -44,7 +44,7 @@ internal sealed partial class TdsParser
         private static int _objectTypeCount; // EventSource counter
         private readonly SqlClientLogger _logger = new SqlClientLogger();
 
-        private SSPIContextProvider _authenticationProvider;
+        private SspiContextProvider _authenticationProvider;
 
         internal readonly int _objectID = Interlocked.Increment(ref _objectTypeCount);
         internal int ObjectID => _objectID;
@@ -411,7 +411,7 @@ internal void Connect(ServerInfo serverInfo,
             // AD Integrated behaves like Windows integrated when connecting to a non-fedAuth server
             if (integratedSecurity || authType == SqlAuthenticationMethod.ActiveDirectoryIntegrated)
             {
-                _authenticationProvider = _physicalStateObj.CreateSSPIContextProvider();
+                _authenticationProvider = _physicalStateObj.CreateSspiContextProvider();
 
                 if (!string.IsNullOrEmpty(serverInfo.ServerSPN))
                 {
 
@@ -31,6 +31,6 @@ internal override uint EnableMars(ref uint info)
         internal override uint SetConnectionBufferSize(ref uint unsignedPacketSize)
             => SniNativeWrapper.SniSetInfo(Handle, QueryType.SNI_QUERY_CONN_BUFSIZE, ref unsignedPacketSize);
 
-        internal override SSPIContextProvider CreateSSPIContextProvider() => new NativeSSPIContextProvider();
+        internal override SspiContextProvider CreateSspiContextProvider() => new NativeSspiContextProvider();
     }
 }
@@ -6,7 +6,7 @@
 
 namespace Microsoft.Data.SqlClient
 {
-    internal sealed class NativeSSPIContextProvider : SSPIContextProvider
+    internal sealed class NativeSspiContextProvider : SspiContextProvider
     {
         private static readonly object s_tdsParserLock = new();
 
@@ -49,7 +49,7 @@ private void LoadSSPILibrary()
             }
         }
 
-        protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, ReadOnlySpan<string> serverSpns)
+        protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SspiAuthenticationParameters authParams)
         {
 #if NETFRAMEWORK
             SNIHandle handle = _physicalStateObj.Handle;
@@ -62,9 +62,9 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo
             var sendLength = s_maxSSPILength;
             var outBuff = outgoingBlobWriter.GetSpan((int)sendLength);
 
-            if (0 != SniNativeWrapper.SniSecGenClientContext(handle, incomingBlob, outBuff, ref sendLength, serverSpns[0]))
+            if (0 != SniNativeWrapper.SniSecGenClientContext(handle, incomingBlob, outBuff, ref sendLength, authParams.Resource))
             {
-                throw new InvalidOperationException(SQLMessage.SSPIGenerateError());
+                return false;
             }
 
             if (sendLength > int.MaxValue)
@@ -73,6 +73,8 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo
             }
 
             outgoingBlobWriter.Advance((int)sendLength);
+
+            return true;
         }
     }
 }
 
@@ -0,0 +1,36 @@
+#if NET
+
+using System;
+using System.Buffers;
+using System.Net.Security;
+
+#nullable enable
+
+namespace Microsoft.Data.SqlClient
+{
+    internal sealed class NegotiateSspiContextProvider : SspiContextProvider
+    {
+        private NegotiateAuthentication? _negotiateAuth = null;
+
+        protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SspiAuthenticationParameters authParams)
+        {
+            NegotiateAuthenticationStatusCode statusCode = NegotiateAuthenticationStatusCode.UnknownCredentials;
+
+            _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = authParams.Resource });
+            var sendBuff = _negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode)!;
+
+            // Log session id, status code and the actual SPN used in the negotiation
+            SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}, StatusCode={3}, SPN={4}", nameof(NegotiateSspiContextProvider),
+                nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, statusCode, _negotiateAuth.TargetName);
+
+            if (statusCode == NegotiateAuthenticationStatusCode.Completed || statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded)
+            {
+                outgoingBlobWriter.Write(sendBuff);
+                return true;
+            }
+
+            return false;
+        }
+    }
+}
+#endif
@@ -0,0 +1,23 @@
+#nullable enable
+
+namespace Microsoft.Data.SqlClient
+{
+    internal sealed class SspiAuthenticationParameters
+    {
+        public SspiAuthenticationParameters(string serverName, string resource)
+        {
+            ServerName = serverName;
+            Resource = resource;
+        }
+
+        public string Resource { get; }
+
+        public string ServerName { get; }
+
+        public string? UserId { get; set; }
+
+        public string? DatabaseName { get; set; }
+
+        public string? Password { get; set; }
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ internal sealed partial class TdsParser`
`44`	`44`	`private static int _objectTypeCount; // EventSource counter`
`45`	`45`	`private readonly SqlClientLogger _logger = new SqlClientLogger();`
`46`	`46`
`47`		`- private SSPIContextProvider _authenticationProvider;`
	`47`	`+ private SspiContextProvider _authenticationProvider;`
`48`	`48`
`49`	`49`	`internal readonly int _objectID = Interlocked.Increment(ref _objectTypeCount);`
`50`	`50`	`internal int ObjectID => _objectID;`
`@@ -413,7 +413,7 @@ internal void Connect(ServerInfo serverInfo,`
`413`	`413`	`// AD Integrated behaves like Windows integrated when connecting to a non-fedAuth server`
`414`	`414`	`if (integratedSecurity \|\| authType == SqlAuthenticationMethod.ActiveDirectoryIntegrated)`
`415`	`415`	`{`
`416`		`- _authenticationProvider = _physicalStateObj.CreateSSPIContextProvider();`
	`416`	`+ _authenticationProvider = _physicalStateObj.CreateSspiContextProvider();`
`417`	`417`	`SqlClientEventSource.Log.TryTraceEvent("TdsParser.Connect \| SEC \| SSPI or Active Directory Authentication Library loaded for SQL Server based integrated authentication");`
`418`	`418`	`}`
`419`	`419`
Original file line number	Diff line number	Diff line change
`@@ -407,7 +407,7 @@ private SNIHandle GetSessionSNIHandleHandleOrThrow()`
`407`	`407`	`[MethodImpl(MethodImplOptions.NoInlining)] // this forces the exception throwing code not to be inlined for performance`
`408`	`408`	`private void ThrowClosedConnection() => throw ADP.ClosedConnectionError();`
`409`	`409`
`410`		`- internal override SSPIContextProvider CreateSSPIContextProvider()`
`411`		`- => new NegotiateSSPIContextProvider();`
	`410`	`+ internal override SspiContextProvider CreateSspiContextProvider()`
	`411`	`+ => new NegotiateSspiContextProvider();`
`412`	`412`	`}`
`413`	`413`	`}`
Original file line number	Diff line number	Diff line change
`@@ -449,7 +449,7 @@ internal override void DisposePacketCache()`
`449`	`449`	`}`
`450`	`450`	`}`
`451`	`451`
`452`		`- internal override SSPIContextProvider CreateSSPIContextProvider() => new NativeSSPIContextProvider();`
	`452`	`+ internal override SspiContextProvider CreateSspiContextProvider() => new NativeSspiContextProvider();`
`453`	`453`
`454`	`454`	`internal sealed class WritePacketCache : IDisposable`
`455`	`455`	`{`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,6 @@ internal override uint EnableMars(ref uint info)`
`31`	`31`	`internal override uint SetConnectionBufferSize(ref uint unsignedPacketSize)`
`32`	`32`	`=> SniNativeWrapper.SniSetInfo(Handle, QueryType.SNI_QUERY_CONN_BUFSIZE, ref unsignedPacketSize);`
`33`	`33`
`34`		`- internal override SSPIContextProvider CreateSSPIContextProvider() => new NativeSSPIContextProvider();`
	`34`	`+ internal override SspiContextProvider CreateSspiContextProvider() => new NativeSspiContextProvider();`
`35`	`35`	`}`
`36`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`
`7`	`7`	`namespace Microsoft.Data.SqlClient`
`8`	`8`	`{`
`9`		`- internal sealed class NativeSSPIContextProvider : SSPIContextProvider`
	`9`	`+ internal sealed class NativeSspiContextProvider : SspiContextProvider`
`10`	`10`	`{`
`11`	`11`	`private static readonly object s_tdsParserLock = new();`
`12`	`12`
`@@ -49,7 +49,7 @@ private void LoadSSPILibrary()`
`49`	`49`	`}`
`50`	`50`	`}`
`51`	`51`
`52`		`- protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, ReadOnlySpan<string> serverSpns)`
	`52`	`+ protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SspiAuthenticationParameters authParams)`
`53`	`53`	`{`
`54`	`54`	`#if NETFRAMEWORK`
`55`	`55`	`SNIHandle handle = _physicalStateObj.Handle;`
`@@ -62,9 +62,9 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo`
`62`	`62`	`var sendLength = s_maxSSPILength;`
`63`	`63`	`var outBuff = outgoingBlobWriter.GetSpan((int)sendLength);`
`64`	`64`
`65`		`- if (0 != SniNativeWrapper.SniSecGenClientContext(handle, incomingBlob, outBuff, ref sendLength, serverSpns[0]))`
	`65`	`+ if (0 != SniNativeWrapper.SniSecGenClientContext(handle, incomingBlob, outBuff, ref sendLength, authParams.Resource))`
`66`	`66`	`{`
`67`		`- throw new InvalidOperationException(SQLMessage.SSPIGenerateError());`
	`67`	`+ return false;`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`if (sendLength > int.MaxValue)`
`@@ -73,6 +73,8 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`outgoingBlobWriter.Advance((int)sendLength);`
	`76`	`+`
	`77`	`+ return true;`
`76`	`78`	`}`
`77`	`79`	`}`
`78`	`80`	`}`