Group claim duplication when using Negotiate authentication on Linux AD domain member with LDAP
y4r9 opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
When using the Negotiate authentication on a Linux AD domain member with LDAP claim resolution as described at link, the nested groups are resolved multiple times, because in file aspnetcore/src/Security/Authentication/Negotiate/src/Internal/LdapAdapter.cs on line 73 a new HashSet is created in every iteration of the surrounding foreach loop. Furthermore, on Windows the claims contain the SIDs of the groups instead of the names, whereas on linux only the group names are returned. To allow for more portable code adding the SIDs would be helpful.
Expected Behavior
- Unique group claims should be returned upon authentication.
- Object SIDs should be added to the claims to allow for portable claim based/policy based authorization.
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
8.0.204
Anything else?
No response