Add log for unsupported protocol with Negotiate auth (#31888)

BrennanConroy · web-flow · commit 1a0fc3611f74 · 2021-04-16T17:12:33.000-07:00
diff --git a/src/Security/Authentication/Negotiate/src/Internal/NegotiateLoggingExtensions.cs b/src/Security/Authentication/Negotiate/src/Internal/NegotiateLoggingExtensions.cs
@@ -18,6 +18,7 @@ internal static class NegotiateLoggingExtensions
         private static Action<ILogger, Exception?> _reauthenticating;
         private static Action<ILogger, Exception?> _deferring;
         private static Action<ILogger, string, Exception?> _negotiateError;
+        private static Action<ILogger, string, Exception?> _protocolNotSupported;
 
         static NegotiateLoggingExtensions()
         {
@@ -65,6 +66,10 @@ static NegotiateLoggingExtensions()
                 eventId: new EventId(11, "NegotiateError"),
                 logLevel: LogLevel.Debug,
                 formatString: "Negotiate error code: {error}.");
+            _protocolNotSupported = LoggerMessage.Define<string>(
+                eventId: new EventId(12, "ProtocolNotSupported"),
+                logLevel: LogLevel.Debug,
+                formatString: "Negotiate is not supported with {protocol}.");
         }
 
         public static void IncompleteNegotiateChallenge(this ILogger logger)
@@ -99,5 +104,8 @@ public static void ClientError(this ILogger logger, Exception ex)
 
         public static void NegotiateError(this ILogger logger, string error)
             => _negotiateError(logger, error, null);
+
+        public static void ProtocolNotSupported(this ILogger logger, string protocol)
+            => _protocolNotSupported(logger, protocol, null);
     }
 }
diff --git a/src/Security/Authentication/Negotiate/src/NegotiateHandler.cs b/src/Security/Authentication/Negotiate/src/NegotiateHandler.cs
@@ -299,6 +299,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                 // Not supported. We don't throw because Negotiate may be set as the default auth
                 // handler on a server that's running HTTP/1 and HTTP/2. We'll challenge HTTP/2 requests
                 // that require auth and they'll downgrade to HTTP/1.1.
+                Logger.ProtocolNotSupported(Request.Protocol);
                 return AuthenticateResult.NoResult();
             }
 

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ internal static class NegotiateLoggingExtensions`
`18`	`18`	`private static Action<ILogger, Exception?> _reauthenticating;`
`19`	`19`	`private static Action<ILogger, Exception?> _deferring;`
`20`	`20`	`private static Action<ILogger, string, Exception?> _negotiateError;`
	`21`	`+ private static Action<ILogger, string, Exception?> _protocolNotSupported;`
`21`	`22`
`22`	`23`	`static NegotiateLoggingExtensions()`
`23`	`24`	`{`
`@@ -65,6 +66,10 @@ static NegotiateLoggingExtensions()`
`65`	`66`	`eventId: new EventId(11, "NegotiateError"),`
`66`	`67`	`logLevel: LogLevel.Debug,`
`67`	`68`	`formatString: "Negotiate error code: {error}.");`
	`69`	`+ _protocolNotSupported = LoggerMessage.Define<string>(`
	`70`	`+ eventId: new EventId(12, "ProtocolNotSupported"),`
	`71`	`+ logLevel: LogLevel.Debug,`
	`72`	`+ formatString: "Negotiate is not supported with {protocol}.");`
`68`	`73`	`}`
`69`	`74`
`70`	`75`	`public static void IncompleteNegotiateChallenge(this ILogger logger)`
`@@ -99,5 +104,8 @@ public static void ClientError(this ILogger logger, Exception ex)`
`99`	`104`
`100`	`105`	`public static void NegotiateError(this ILogger logger, string error)`
`101`	`106`	`=> _negotiateError(logger, error, null);`
	`107`	`+`
	`108`	`+ public static void ProtocolNotSupported(this ILogger logger, string protocol)`
	`109`	`+ => _protocolNotSupported(logger, protocol, null);`
`102`	`110`	`}`
`103`	`111`	`}`
Original file line number	Diff line number	Diff line change
`@@ -299,6 +299,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()`
`299`	`299`	`// Not supported. We don't throw because Negotiate may be set as the default auth`
`300`	`300`	`// handler on a server that's running HTTP/1 and HTTP/2. We'll challenge HTTP/2 requests`
`301`	`301`	`// that require auth and they'll downgrade to HTTP/1.1.`
	`302`	`+ Logger.ProtocolNotSupported(Request.Protocol);`
`302`	`303`	`return AuthenticateResult.NoResult();`
`303`	`304`	`}`
`304`	`305`