diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj
index 560308d6a1..9b161fa048 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj
@@ -67,8 +67,6 @@
true
$(RawClDefines);SUPPRESS_SECURITY_RULES=1
- true
- $(DefineConstants);ADONET_SERVICE;ADONET_CERT_AUTH;ADONET_ORIGINAL_CLIENT_ADDRESS
True
False
@@ -706,8 +704,6 @@
-
-
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperARM64.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperARM64.cs
index 6e9bda11cd..e4c938a3f9 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperARM64.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperARM64.cs
@@ -16,9 +16,6 @@ internal static class SNINativeManagedWrapperARM64
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
internal static extern uint SNIAddProvider(SNIHandle pConn, ProviderEnum ProvNum, [In] ref uint pInfo);
- [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
- internal static extern uint SNIAddProviderWrapper(SNIHandle pConn, ProviderEnum ProvNum, [In] ref SNICTAIPProviderInfo pInfo);
-
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
internal static extern uint SNIAddProviderWrapper(SNIHandle pConn, ProviderEnum ProvNum, [In] ref AuthProviderInfo pInfo);
@@ -132,9 +129,6 @@ internal static extern unsafe uint SNISecGenClientContextWrapper(
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
internal static extern uint SNIWriteSyncOverAsync(SNIHandle pConn, [In] SNIPacket pPacket);
- [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
- internal static extern IntPtr SNIClientCertificateFallbackWrapper(IntPtr pCallbackContext);
-
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIServerEnumOpenWrapper")]
internal static extern IntPtr SNIServerEnumOpen();
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs
index acb10c8c79..298f6cc3f5 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX64.cs
@@ -16,9 +16,6 @@ internal static class SNINativeManagedWrapperX64
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
internal static extern uint SNIAddProvider(SNIHandle pConn, ProviderEnum ProvNum, [In] ref uint pInfo);
- [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
- internal static extern uint SNIAddProviderWrapper(SNIHandle pConn, ProviderEnum ProvNum, [In] ref SNICTAIPProviderInfo pInfo);
-
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
internal static extern uint SNIAddProviderWrapper(SNIHandle pConn, ProviderEnum ProvNum, [In] ref AuthProviderInfo pInfo);
@@ -132,9 +129,6 @@ internal static extern unsafe uint SNISecGenClientContextWrapper(
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
internal static extern uint SNIWriteSyncOverAsync(SNIHandle pConn, [In] SNIPacket pPacket);
- [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
- internal static extern IntPtr SNIClientCertificateFallbackWrapper(IntPtr pCallbackContext);
-
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIServerEnumOpenWrapper")]
internal static extern IntPtr SNIServerEnumOpen();
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs
index c8bb7c0e93..7215c54ced 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeManagedWrapperX86.cs
@@ -16,9 +16,6 @@ internal static class SNINativeManagedWrapperX86
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
internal static extern uint SNIAddProvider(SNIHandle pConn, ProviderEnum ProvNum, [In] ref uint pInfo);
- [DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
- internal static extern uint SNIAddProviderWrapper(SNIHandle pConn, ProviderEnum ProvNum, [In] ref SNICTAIPProviderInfo pInfo);
-
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIAddProviderWrapper")]
internal static extern uint SNIAddProviderWrapper(SNIHandle pConn, ProviderEnum ProvNum, [In] ref AuthProviderInfo pInfo);
@@ -132,9 +129,6 @@ internal static extern unsafe uint SNISecGenClientContextWrapper(
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
internal static extern uint SNIWriteSyncOverAsync(SNIHandle pConn, [In] SNIPacket pPacket);
- [DllImport(SNI, CallingConvention = CallingConvention.Cdecl)]
- internal static extern IntPtr SNIClientCertificateFallbackWrapper(IntPtr pCallbackContext);
-
[DllImport(SNI, CallingConvention = CallingConvention.Cdecl, EntryPoint = "SNIServerEnumOpenWrapper")]
internal static extern IntPtr SNIServerEnumOpen();
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs
index c3e74715ad..dff730c02c 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/Interop/SNINativeMethodWrapper.cs
@@ -186,26 +186,6 @@ internal struct AuthProviderInfo
public string serverCertFileName;
};
- internal struct CTAIPProviderInfo
- {
- internal byte[] originalNetworkAddress;
- internal Boolean fromDataSecurityProxy;
- };
-
- struct SNIAuthProviderInfoWrapper
- {
- internal object pDelegateContext;
- internal SqlClientCertificateDelegate pSqlClientCertificateDelegate;
- };
-
- internal struct SNICTAIPProviderInfo
- {
- internal SNIHandle pConn;
- internal byte prgbAddress;
- internal ulong cbAddress;
- internal bool fFromDataSecurityProxy;
- };
-
[StructLayout(LayoutKind.Sequential)]
internal struct CredHandle
{
@@ -418,21 +398,6 @@ internal static uint SNIAddProvider(SNIHandle pConn, ProviderEnum ProvNum, [In]
}
}
- internal static uint SNIAddProviderWrapper(SNIHandle pConn, ProviderEnum ProvNum, [In] ref SNICTAIPProviderInfo pInfo)
- {
- switch (s_architecture)
- {
- case System.Runtime.InteropServices.Architecture.Arm64:
- return SNINativeManagedWrapperARM64.SNIAddProviderWrapper(pConn, ProvNum, ref pInfo);
- case System.Runtime.InteropServices.Architecture.X64:
- return SNINativeManagedWrapperX64.SNIAddProviderWrapper(pConn, ProvNum, ref pInfo);
- case System.Runtime.InteropServices.Architecture.X86:
- return SNINativeManagedWrapperX86.SNIAddProviderWrapper(pConn, ProvNum, ref pInfo);
- default:
- throw ADP.SNIPlatformNotSupported(s_architecture.ToString());
- }
- }
-
internal static uint SNIAddProviderWrapper(SNIHandle pConn, ProviderEnum ProvNum, [In] ref AuthProviderInfo pInfo)
{
switch (s_architecture)
@@ -943,21 +908,6 @@ private static uint SNIWriteSyncOverAsync(SNIHandle pConn, [In] SNIPacket pPacke
throw ADP.SNIPlatformNotSupported(s_architecture.ToString());
}
}
-
- private static IntPtr SNIClientCertificateFallbackWrapper(IntPtr pCallbackContext)
- {
- switch (s_architecture)
- {
- case System.Runtime.InteropServices.Architecture.Arm64:
- return SNINativeManagedWrapperARM64.SNIClientCertificateFallbackWrapper(pCallbackContext);
- case System.Runtime.InteropServices.Architecture.X64:
- return SNINativeManagedWrapperX64.SNIClientCertificateFallbackWrapper(pCallbackContext);
- case System.Runtime.InteropServices.Architecture.X86:
- return SNINativeManagedWrapperX86.SNIClientCertificateFallbackWrapper(pCallbackContext);
- default:
- throw ADP.SNIPlatformNotSupported(s_architecture.ToString());
- }
- }
#endregion
internal static uint SNISecGetServerCertificate(SNIHandle pConnectionObject, ref X509Certificate2 certificate)
@@ -1185,16 +1135,8 @@ internal static uint SNIAddProvider(SNIHandle pConn,
{
UInt32 ret;
uint ERROR_SUCCESS = 0;
- SNIAuthProviderInfoWrapper sniAuthInfoWrapper;
- if (authInfo.clientCertificateCallback != null)
- {
- sniAuthInfoWrapper.pDelegateContext = authInfo.clientCertificateCallbackContext;
- sniAuthInfoWrapper.pSqlClientCertificateDelegate = authInfo.clientCertificateCallback;
-
- authInfo.clientCertificateCallbackContext = sniAuthInfoWrapper;
- authInfo.clientCertificateCallback = SNIClientCertificateFallbackWrapper;
- }
+ Debug.Assert(authInfo.clientCertificateCallback == null, "CTAIP support has been removed");
ret = SNIAddProviderWrapper(pConn, providerEnum, ref authInfo);
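Review bot: The added `Debug.Assert(authInfo.clientCertificateCallback == null, ...)` is compiled out of release builds, so a non-null callback would reach `SNIAddProviderWrapper` without the wrapping the removed lines used to apply, and nothing would flag it. Its message says "CTAIP support has been removed" while the condition tests the client certificate callback; a message such as `"Client certificate callback support has been removed"` matches the check. If the field has to stay on `AuthProviderInfo`, a runtime guard such as `if (authInfo.clientCertificateCallback != null) { throw new NotSupportedException(); }` would hold in release builds too. The assert added in `EnableSsl` in TdsParser.cs, `(_encryptionOption & EncryptionOptions.CLIENT_CERT) == 0`, has the same release-build gap. The body of `SNIAddProvider` starts before this hunk and ends after it.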
@@ -1208,34 +1150,6 @@ internal static uint SNIAddProvider(SNIHandle pConn,
return ret;
}
- [ResourceExposure(ResourceScope.None)]
- [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)]
- internal static uint SNIAddProvider(SNIHandle pConn,
- ProviderEnum providerEnum,
- CTAIPProviderInfo authInfo)
- {
- UInt32 ret;
- uint ERROR_SUCCESS = 0;
-
-
- SNICTAIPProviderInfo ctaipInfo = new SNICTAIPProviderInfo();
-
- ctaipInfo.prgbAddress = authInfo.originalNetworkAddress[0];
- ctaipInfo.cbAddress = (byte)authInfo.originalNetworkAddress.Length;
- ctaipInfo.fFromDataSecurityProxy = authInfo.fromDataSecurityProxy;
-
- ret = SNIAddProviderWrapper(pConn, providerEnum, ref ctaipInfo);
-
- if (ret == ERROR_SUCCESS)
- {
- // added a provider, need to requery for sync over async support
- ret = SNIGetInfoWrapper(pConn, QTypes.SNI_QUERY_CONN_SUPPORTS_SYNC_OVER_ASYNC, out bool _);
- Debug.Assert(ret == ERROR_SUCCESS, "SNIGetInfo cannot fail with this QType");
- }
-
- return ret;
- }
-
internal static void SNIPacketAllocate(SafeHandle pConn, IOType IOType, ref IntPtr pPacket)
{
pPacket = SNIPacketAllocateWrapper(pConn, IOType);
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlCertificateCallbacks.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlCertificateCallbacks.cs
deleted file mode 100644
index 8cb5636705..0000000000
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlCertificateCallbacks.cs
+++ /dev/null
@@ -1,31 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-
-using System.Security.Cryptography.X509Certificates;
-
-namespace Microsoft.Data.SqlClient
-{
- ///
- /// A callback to validate server certificate.
- ///
- ///
- ///
-#if ADONET_CERT_AUTH
- public
-#else
- internal
-#endif
- delegate bool ServerCertificateValidationCallback(X509Certificate2 certificate);
-
- ///
- /// A callback to provide client certificate on demand from a store normally different from system certificate store.
- ///
- ///
-#if ADONET_CERT_AUTH
- public
-#else
- internal
-#endif
- delegate X509Certificate2 ClientCertificateRetrievalCallback();
-}
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlClientOriginalAddressInfo.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlClientOriginalAddressInfo.cs
deleted file mode 100644
index 3800c195a3..0000000000
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlClientOriginalAddressInfo.cs
+++ /dev/null
@@ -1,73 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-
-using System;
-using System.Net;
-
-namespace Microsoft.Data.SqlClient
-{
- ///
- /// Class to pass original client information.
- ///
-#if ADONET_ORIGINAL_CLIENT_ADDRESS
- public
-#else
- internal
-#endif
- sealed class SqlClientOriginalNetworkAddressInfo
- {
- public SqlClientOriginalNetworkAddressInfo(IPAddress address, bool isFromDataSecurityProxy = false)
- {
- if (address == null)
- {
- throw new ArgumentNullException("address");
- }
-
- _address = address;
- _isFromDataSecurityProxy = isFromDataSecurityProxy;
- }
-
- public override int GetHashCode()
- {
- return _address != null ? _address.GetHashCode() : 0;
- }
-
- public override bool Equals(object other)
- {
- SqlClientOriginalNetworkAddressInfo otherAddress = other as SqlClientOriginalNetworkAddressInfo;
-
- if (otherAddress == null)
- {
- return false;
- }
-
- if (otherAddress._address != _address)
- {
- return false;
- }
-
- if (_isFromDataSecurityProxy != otherAddress._isFromDataSecurityProxy)
- {
- return false;
- }
-
- return true;
- }
-
- public IPAddress Address
- {
- get { return _address; }
- }
-
- public bool IsFromDataSecurityProxy
- {
- get { return _isFromDataSecurityProxy; }
- }
-
- private IPAddress _address;
-
- private bool _isFromDataSecurityProxy;
- }
-}
-
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnection.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnection.cs
index 62145bc69e..359d196f16 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnection.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnection.cs
@@ -311,9 +311,6 @@ internal List GetColumnEncryptionCustomKeyStoreProvidersNames()
internal WindowsIdentity _lastIdentity;
internal WindowsIdentity _impersonateIdentity;
private int _reconnectCount;
- private ServerCertificateValidationCallback _serverCertificateValidationCallback;
- private ClientCertificateRetrievalCallback _clientCertificateRetrievalCallback;
- private SqlClientOriginalNetworkAddressInfo _originalNetworkAddressInfo;
// Retry Logic
private SqlRetryLogicBaseProvider _retryLogicProvider;
@@ -430,9 +427,6 @@ private SqlConnection(SqlConnection connection)
}
_accessToken = connection._accessToken;
_accessTokenCallback = connection._accessTokenCallback;
- _serverCertificateValidationCallback = connection._serverCertificateValidationCallback;
- _clientCertificateRetrievalCallback = connection._clientCertificateRetrievalCallback;
- _originalNetworkAddressInfo = connection._originalNetworkAddressInfo;
CacheConnectionStringProperties();
}
@@ -660,11 +654,6 @@ private bool UsesClearUserIdOrPassword(SqlConnectionString opt)
return result;
}
- private bool UsesCertificate(SqlConnectionString opt)
- {
- return opt != null && opt.UsesCertificate;
- }
-
internal SqlConnectionString.TransactionBindingEnum TransactionBinding
{
get
@@ -752,7 +741,7 @@ public string AccessToken
_accessToken = value;
// Need to call ConnectionString_Set to do proper pool group check
- ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, _credential, _accessToken, _serverCertificateValidationCallback, _clientCertificateRetrievalCallback, _originalNetworkAddressInfo, null));
+ ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, _credential, _accessToken, null));
}
}
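Review bot: The trailing positional `null` in the new `SqlConnectionPoolKey(...)` call does not say which parameter it fills, whereas the `ChangePassword` call sites changed in this same commit spell it `accessTokenCallback: null`. Writing `new SqlConnectionPoolKey(_connectionString, _credential, _accessToken, accessTokenCallback: null)` here keeps the call sites consistent and makes a later change to the pool key's parameter list easier to review. The `AccessToken` setter starts outside this hunk.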
@@ -774,7 +763,7 @@ public Func retry, SqlConnec
}
else
{
- if (this.UsesIntegratedSecurity(connectionOptions) || this.UsesCertificate(connectionOptions) || this.UsesActiveDirectoryIntegrated(connectionOptions))
+ if (this.UsesIntegratedSecurity(connectionOptions) || this.UsesActiveDirectoryIntegrated(connectionOptions))
{
_lastIdentity = DbConnectionPoolIdentity.GetCurrentWindowsIdentity();
}
@@ -2777,7 +2727,7 @@ public static void ChangePassword(string connectionString, string newPassword)
throw ADP.InvalidArgumentLength("newPassword", TdsEnums.MAXLEN_NEWPASSWORD);
}
- SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential: null, accessToken: null, serverCertificateValidationCallback: null, clientCertificateRetrievalCallback: null, originalNetworkAddressInfo: null, accessTokenCallback: null);
+ SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential: null, accessToken: null, accessTokenCallback: null);
SqlConnectionString connectionOptions = SqlConnectionFactory.FindSqlConnectionOptions(key);
if (connectionOptions.IntegratedSecurity || connectionOptions.Authentication == SqlAuthenticationMethod.ActiveDirectoryIntegrated)
@@ -2833,7 +2783,7 @@ public static void ChangePassword(string connectionString, SqlCredential credent
throw ADP.InvalidArgumentLength("newSecurePassword", TdsEnums.MAXLEN_NEWPASSWORD);
}
- SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, serverCertificateValidationCallback: null, clientCertificateRetrievalCallback: null, originalNetworkAddressInfo: null, accessTokenCallback: null);
+ SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null);
SqlConnectionString connectionOptions = SqlConnectionFactory.FindSqlConnectionOptions(key);
@@ -2878,7 +2828,7 @@ private static void ChangePassword(string connectionString, SqlConnectionString
throw SQL.ChangePasswordRequires2005();
}
}
- SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, serverCertificateValidationCallback: null, clientCertificateRetrievalCallback: null, originalNetworkAddressInfo: null, accessTokenCallback: null);
+ SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null);
SqlConnectionFactory.SingletonInstance.ClearPool(key);
}
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnectionFactory.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnectionFactory.cs
index 7951a1a8ac..e0132dabd6 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnectionFactory.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnectionFactory.cs
@@ -72,7 +72,7 @@ override protected DbConnectionInternal CreateConnection(DbConnectionOptions opt
// Pass DbConnectionPoolIdentity to SqlInternalConnectionTds if using integrated security.
// Used by notifications.
- if (opt.IntegratedSecurity || opt.UsesCertificate || opt.Authentication == SqlAuthenticationMethod.ActiveDirectoryIntegrated)
+ if (opt.IntegratedSecurity || opt.Authentication == SqlAuthenticationMethod.ActiveDirectoryIntegrated)
{
if (pool != null)
{
@@ -141,7 +141,7 @@ override protected DbConnectionInternal CreateConnection(DbConnectionOptions opt
opt = new SqlConnectionString(opt, instanceName, false /* user instance=false */, null /* do not modify the Enlist value */);
poolGroupProviderInfo = null; // null so we do not pass to constructor below...
}
- result = new SqlInternalConnectionTds(identity, opt, key.Credential, poolGroupProviderInfo, "", null, redirectedUserInstance, userOpt, recoverySessionData, key.ServerCertificateValidationCallback, key.ClientCertificateRetrievalCallback, pool, key.AccessToken, key.OriginalNetworkAddressInfo, applyTransientFaultHandling: applyTransientFaultHandling, key.AccessTokenCallback);
+ result = new SqlInternalConnectionTds(identity, opt, key.Credential, poolGroupProviderInfo, "", null, redirectedUserInstance, userOpt, recoverySessionData, pool, key.AccessToken, applyTransientFaultHandling: applyTransientFaultHandling, key.AccessTokenCallback);
}
return result;
}
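Review bot: The new `SqlInternalConnectionTds(...)` call passes `pool` and `key.AccessToken` positionally into parameters that the constructor hunk shows are optional, and ends with a positional `key.AccessTokenCallback` after a named argument. This commit removes three optional parameters from the middle of that list, which is the situation where positional binding can shift unnoticed if two neighbouring parameters have compatible types. Naming the optional tail, `pool: pool, accessToken: key.AccessToken, applyTransientFaultHandling: applyTransientFaultHandling, accessTokenCallback: key.AccessTokenCallback`, ties each value to its parameter. `CreateConnection` starts outside this hunk.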
@@ -195,7 +195,7 @@ override protected DbConnectionPoolGroupOptions CreateConnectionPoolGroupOptions
}
poolingOptions = new DbConnectionPoolGroupOptions(
- opt.IntegratedSecurity || opt.UsesCertificate || opt.Authentication == SqlAuthenticationMethod.ActiveDirectoryIntegrated,
+ opt.IntegratedSecurity || opt.Authentication == SqlAuthenticationMethod.ActiveDirectoryIntegrated,
opt.MinPoolSize,
opt.MaxPoolSize,
connectionTimeout,
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
index 0eed515abd..96b9f9635a 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
@@ -140,11 +140,6 @@ sealed internal class SqlInternalConnectionTds : SqlInternalConnection, IDisposa
private readonly ActiveDirectoryAuthenticationTimeoutRetryHelper _activeDirectoryAuthTimeoutRetryHelper;
- // Certificate auth calbacks.
- ServerCertificateValidationCallback _serverCallback;
- ClientCertificateRetrievalCallback _clientCallback;
- SqlClientOriginalNetworkAddressInfo _originalNetworkAddressInfo;
-
internal bool _cleanSQLDNSCaching = false;
private bool _serverSupportsDNSCaching = false;
@@ -430,11 +425,8 @@ internal SqlInternalConnectionTds(
bool redirectedUserInstance,
SqlConnectionString userConnectionOptions = null, // NOTE: userConnectionOptions may be different to connectionOptions if the connection string has been expanded (see SqlConnectionString.Expand)
SessionData reconnectSessionData = null,
- ServerCertificateValidationCallback serverCallback = null,
- ClientCertificateRetrievalCallback clientCallback = null,
DbConnectionPool pool = null,
string accessToken = null,
- SqlClientOriginalNetworkAddressInfo originalNetworkAddressInfo = null,
bool applyTransientFaultHandling = false,
Func> accessTokenCallback = null) : base(connectionOptions)
@@ -496,10 +488,6 @@ internal SqlInternalConnectionTds(
_activeDirectoryAuthTimeoutRetryHelper = new ActiveDirectoryAuthenticationTimeoutRetryHelper();
- _serverCallback = serverCallback;
- _clientCallback = clientCallback;
- _originalNetworkAddressInfo = originalNetworkAddressInfo;
-
_identity = identity;
Debug.Assert(newSecurePassword != null || newPassword != null, "cannot have both new secure change password and string based change password to be null");
Debug.Assert(credential == null || (string.IsNullOrEmpty(connectionOptions.UserID) && string.IsNullOrEmpty(connectionOptions.Password)), "cannot mix the new secure password system and the connection string based password");
@@ -1641,7 +1629,7 @@ private void Login(ServerInfo server, TimeoutTimer timeout, string newPassword,
requestedFeatures |= TdsEnums.FeatureExtension.JsonSupport;
- _parser.TdsLogin(login, requestedFeatures, _recoverySessionData, _fedAuthFeatureExtensionData, _originalNetworkAddressInfo, encrypt);
+ _parser.TdsLogin(login, requestedFeatures, _recoverySessionData, _fedAuthFeatureExtensionData, encrypt);
}
private void LoginFailure()
@@ -2316,9 +2304,6 @@ private void AttemptOneLogin(ServerInfo serverInfo, string newPassword, SecureSt
ConnectionOptions,
withFailover,
isFirstTransparentAttempt,
- _serverCallback,
- _clientCallback,
- _originalNetworkAddressInfo != null,
disableTnir);
_timeoutErrorInternal.EndPhase(SqlConnectionTimeoutErrorPhase.ConsumePreLoginHandshake);
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs
index 3b331e5eb5..8267bc75e0 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs
@@ -182,8 +182,6 @@ internal static void Assert(string message)
private static EncryptionOptions _sniSupportedEncryptionOption = SNILoadHandle.SingletonInstance.Options;
- private static SNINativeMethodWrapper.SqlClientCertificateDelegate _clientCertificateCallback = new SNINativeMethodWrapper.SqlClientCertificateDelegate(ClientCertificateDelegate);
-
private EncryptionOptions _encryptionOption = _sniSupportedEncryptionOption;
private SqlInternalTransaction _currentTransaction;
@@ -493,9 +491,6 @@ internal void Connect(ServerInfo serverInfo,
SqlConnectionString connectionOptions,
bool withFailover,
bool isFirstTransparentAttempt,
- ServerCertificateValidationCallback serverCallback,
- ClientCertificateRetrievalCallback clientCallback,
- bool useOriginalAddressInfo,
bool disableTnir)
{
SqlConnectionEncryptOption encrypt = connectionOptions.Encrypt;
@@ -503,7 +498,6 @@ internal void Connect(ServerInfo serverInfo,
bool trustServerCert = connectionOptions.TrustServerCertificate;
bool integratedSecurity = connectionOptions.IntegratedSecurity;
SqlAuthenticationMethod authType = connectionOptions.Authentication;
- string certificate = connectionOptions.Certificate;
string hostNameInCertificate = connectionOptions.HostNameInCertificate;
string serverCertificateFilename = connectionOptions.ServerCertificate;
@@ -714,11 +708,7 @@ internal void Connect(ServerInfo serverInfo,
instanceName,
encrypt,
integratedSecurity,
- !string.IsNullOrEmpty(certificate),
- useOriginalAddressInfo,
- serverCertificateFilename,
- serverCallback,
- clientCallback);
+ serverCertificateFilename);
_connHandler.TimeoutErrorInternal.EndPhase(SqlConnectionTimeoutErrorPhase.SendPreLoginHandshake);
_connHandler.TimeoutErrorInternal.SetAndBeginPhase(SqlConnectionTimeoutErrorPhase.ConsumePreLoginHandshake);
@@ -731,8 +721,6 @@ internal void Connect(ServerInfo serverInfo,
encrypt,
trustServerCert,
integratedSecurity,
- serverCallback,
- clientCallback,
out marsCapable,
out _connHandler._fedAuthRequired,
isTlsFirst,
@@ -780,19 +768,13 @@ internal void Connect(ServerInfo serverInfo,
instanceName,
encrypt,
integratedSecurity,
- !string.IsNullOrEmpty(certificate),
- useOriginalAddressInfo,
- serverCertificateFilename,
- serverCallback,
- clientCallback);
+ serverCertificateFilename);
status = ConsumePreLoginHandshake(
authType,
encrypt,
trustServerCert,
integratedSecurity,
- serverCallback,
- clientCallback,
out marsCapable,
out _connHandler._fedAuthRequired,
isTlsFirst,
@@ -1043,18 +1025,14 @@ private void SendPreLoginHandshake(
byte[] instanceName,
SqlConnectionEncryptOption encrypt,
bool integratedSecurity,
- bool clientCertificate,
- bool useCtaip,
- string serverCertificate,
- ServerCertificateValidationCallback serverCallback,
- ClientCertificateRetrievalCallback clientCallback)
+ string serverCertificate)
{
if (encrypt == SqlConnectionEncryptOption.Strict)
{
//Always validate the certificate when in strict encryption mode
uint info = TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE | TdsEnums.SNI_SSL_USE_SCHANNEL_CACHE | TdsEnums.SNI_SSL_SEND_ALPN_EXTENSION;
- EnableSsl(info, encrypt, integratedSecurity, serverCertificate, serverCallback, clientCallback);
+ EnableSsl(info, encrypt, integratedSecurity, serverCertificate);
// Since encryption has already been negotiated, we need to set encryption not supported in
// prelogin so that we don't try to negotiate encryption again during ConsumePreLoginHandshake.
@@ -1131,20 +1109,6 @@ private void SendPreLoginHandshake(
payload[payloadLength] = (byte)EncryptionOptions.OFF;
_encryptionOption = EncryptionOptions.OFF;
}
-
- // Inform server of user request.
- if (clientCertificate)
- {
- payload[payloadLength] |= (byte)EncryptionOptions.CLIENT_CERT;
- _encryptionOption |= EncryptionOptions.CLIENT_CERT;
- }
- }
-
- // Add CTAIP if requested.
- if (useCtaip)
- {
- payload[payloadLength] |= (byte)EncryptionOptions.CTAIP;
- _encryptionOption |= EncryptionOptions.CTAIP;
}
payloadLength += 1;
@@ -1236,7 +1200,7 @@ private void SendPreLoginHandshake(
_physicalStateObj.WritePacket(TdsEnums.HARDFLUSH);
}
- private void EnableSsl(uint info, SqlConnectionEncryptOption encrypt, bool integratedSecurity, string serverCertificate, ServerCertificateValidationCallback serverCallback, ClientCertificateRetrievalCallback clientCallback)
+ private void EnableSsl(uint info, SqlConnectionEncryptOption encrypt, bool integratedSecurity, string serverCertificate)
{
uint error = 0;
@@ -1258,27 +1222,7 @@ private void EnableSsl(uint info, SqlConnectionEncryptOption encrypt, bool integ
authInfo.clientCertificateCallback = null;
authInfo.serverCertFileName = string.IsNullOrEmpty(serverCertificate) ? null : serverCertificate;
- if ((_encryptionOption & EncryptionOptions.CLIENT_CERT) != 0)
- {
-
- string certificate = _connHandler.ConnectionOptions.Certificate;
-
- if (certificate.StartsWith("subject:", StringComparison.OrdinalIgnoreCase))
- {
- authInfo.certId = certificate.Substring(8);
- }
- else if (certificate.StartsWith("sha1:", StringComparison.OrdinalIgnoreCase))
- {
- authInfo.certId = certificate.Substring(5);
- authInfo.certHash = true;
- }
-
- if (clientCallback != null)
- {
- authInfo.clientCertificateCallbackContext = clientCallback;
- authInfo.clientCertificateCallback = _clientCertificateCallback;
- }
- }
+ Debug.Assert((_encryptionOption & EncryptionOptions.CLIENT_CERT) == 0, "Client certificate authentication support has been removed");
error = SNINativeMethodWrapper.SNIAddProvider(_physicalStateObj.Handle, SNINativeMethodWrapper.ProviderEnum.SSL_PROV, authInfo);
@@ -1315,25 +1259,6 @@ private void EnableSsl(uint info, SqlConnectionEncryptOption encrypt, bool integ
}
}
- // Validate server certificate
- if (serverCallback != null)
- {
- X509Certificate2 serverCert = null;
-
- error = SNINativeMethodWrapper.SNISecGetServerCertificate(_physicalStateObj.Handle, ref serverCert);
- if (error != TdsEnums.SNI_SUCCESS)
- {
- _physicalStateObj.AddError(ProcessSNIError(_physicalStateObj));
- ThrowExceptionAndWarning(_physicalStateObj);
- }
-
- bool valid = serverCallback(serverCert);
- if (!valid)
- {
- throw SQL.InvalidServerCertificate();
- }
- }
-
// create a new packet encryption changes the internal packet size Bug# 228403
_physicalStateObj.ClearAllWritePackets();
}
@@ -1343,8 +1268,6 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(
SqlConnectionEncryptOption encrypt,
bool trustServerCert,
bool integratedSecurity,
- ServerCertificateValidationCallback serverCallback,
- ClientCertificateRetrievalCallback clientCallback,
out bool marsCapable,
out bool fedAuthRequired,
bool tlsFirst,
@@ -1401,7 +1324,6 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(
int payloadLength = 0;
int option = payload[offset++];
bool serverSupportsEncryption = false;
- bool serverSupportsCTAIP = false;
while (option != (byte)PreLoginOptions.LASTOPT)
{
@@ -1489,9 +1411,6 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(
break;
}
- // Check if the server will accept CTAIP.
- serverSupportsCTAIP = (serverOption & EncryptionOptions.CTAIP) != 0;
-
break;
case (int)PreLoginOptions.INSTANCE:
@@ -1572,13 +1491,6 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(
}
}
- if ((_encryptionOption & EncryptionOptions.CTAIP) != 0 && !serverSupportsCTAIP)
- {
- _physicalStateObj.AddError(new SqlError(TdsEnums.CTAIP_NOT_SUPPORTED, (byte)0x00, TdsEnums.FATAL_ERROR_CLASS, _server, SQLMessage.CTAIPNotSupportedByServer(), "", 0));
- _physicalStateObj.Dispose();
- ThrowExceptionAndWarning(_physicalStateObj);
- }
-
if ((_encryptionOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.ON ||
(_encryptionOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.LOGIN)
{
@@ -1589,18 +1501,13 @@ private PreLoginHandshakeStatus ConsumePreLoginHandshake(
ThrowExceptionAndWarning(_physicalStateObj);
}
- if (serverCallback != null)
- {
- trustServerCert = true;
- }
-
// Validate Certificate if Trust Server Certificate=false and Encryption forced (EncryptionOptions.ON) from Server.
bool shouldValidateServerCert = (_encryptionOption == EncryptionOptions.ON && !trustServerCert) || ((_connHandler._accessTokenInBytes != null || _connHandler._accessTokenCallback != null) && !trustServerCert);
uint info = (shouldValidateServerCert ? TdsEnums.SNI_SSL_VALIDATE_CERTIFICATE : 0)
- | (is2005OrLater && (_encryptionOption & EncryptionOptions.CLIENT_CERT) == 0 ? TdsEnums.SNI_SSL_USE_SCHANNEL_CACHE : 0);
+ | (is2005OrLater ? TdsEnums.SNI_SSL_USE_SCHANNEL_CACHE : 0);
- EnableSsl(info, encrypt, integratedSecurity, serverCertificateFilename, serverCallback, clientCallback);
+ EnableSsl(info, encrypt, integratedSecurity, serverCertificateFilename);
}
return PreLoginHandshakeStatus.Successful;
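Review bot: The `shouldValidateServerCert` line compares `_encryptionOption == EncryptionOptions.ON` unmasked, while the enclosing `if` a few lines above tests `(_encryptionOption & EncryptionOptions.OPTIONS_MASK)`. With the `serverCallback` override removed, this expression is the only thing that sets `SNI_SSL_VALIDATE_CERTIFICATE`. If any flag bit can still be OR-ed into `_encryptionOption` (not visible here), the unmasked compare would leave validation off. Consider `bool shouldValidateServerCert = !trustServerCert && ((_encryptionOption & EncryptionOptions.OPTIONS_MASK) == EncryptionOptions.ON || _connHandler._accessTokenInBytes != null || _connHandler._accessTokenCallback != null);`, and extend the comment above it to mention the access-token case. ConsumePreLoginHandshake starts and ends outside this hunk.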
@@ -14164,32 +14071,5 @@ private string TraceObjectClass(object instance)
return instance.GetType().ToString();
}
}
-
- private static IntPtr ClientCertificateDelegate(IntPtr ptrContext)
- {
- GCHandle clientDelegate = GCHandle.FromIntPtr(ptrContext);
-
- try
- {
- ClientCertificateRetrievalCallback clientCallback = (ClientCertificateRetrievalCallback)clientDelegate.Target;
-
- X509Certificate2 cert = clientCallback();
- if (cert != null)
- {
- return cert.Handle;
- }
- else
- {
- return IntPtr.Zero;
- }
- }
- catch
- {
- // Currently exceptions are not marshalled back.
- //
- Debug.Assert(false);
- return IntPtr.Zero;
- }
- }
} // tdsparser
}//namespace
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/Common/DbConnectionStringCommon.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/Common/DbConnectionStringCommon.cs
index f2203166a8..1c798e90d6 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/Common/DbConnectionStringCommon.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/Common/DbConnectionStringCommon.cs
@@ -356,7 +356,6 @@ internal static ApplicationIntent ConvertToApplicationIntent(string keyword, obj
internal const string ActiveDirectoryMSIString = "Active Directory MSI";
internal const string ActiveDirectoryDefaultString = "Active Directory Default";
internal const string ActiveDirectoryWorkloadIdentityString = "Active Directory Workload Identity";
- const string SqlCertificateString = "Sql Certificate";
#if DEBUG
private static readonly string[] s_supportedAuthenticationModes =
@@ -454,13 +453,6 @@ internal static bool TryConvertToAuthenticationType(string value, out SqlAuthent
result = SqlAuthenticationMethod.ActiveDirectoryDefault;
isSuccess = true;
}
-#if ADONET_CERT_AUTH && NETFRAMEWORK
- else if (StringComparer.InvariantCultureIgnoreCase.Equals(value, SqlCertificateString)
- || StringComparer.InvariantCultureIgnoreCase.Equals(value, Convert.ToString(SqlAuthenticationMethod.SqlCertificate, CultureInfo.InvariantCulture))) {
- result = SqlAuthenticationMethod.SqlCertificate;
- isSuccess = true;
- }
-#endif
else if (StringComparer.InvariantCultureIgnoreCase.Equals(value, ActiveDirectoryWorkloadIdentityString)
|| StringComparer.InvariantCultureIgnoreCase.Equals(value, Convert.ToString(SqlAuthenticationMethod.ActiveDirectoryWorkloadIdentity, CultureInfo.InvariantCulture)))
{
@@ -532,11 +524,7 @@ internal static string ColumnEncryptionSettingToString(SqlConnectionColumnEncryp
internal static bool IsValidAuthenticationTypeValue(SqlAuthenticationMethod value)
{
-#if ADONET_CERT_AUTH && NETFRAMEWORK
- Debug.Assert(Enum.GetNames(typeof(SqlAuthenticationMethod)).Length == 12, "SqlAuthenticationMethod enum has changed, update needed");
-#else
Debug.Assert(Enum.GetNames(typeof(SqlAuthenticationMethod)).Length == 11, "SqlAuthenticationMethod enum has changed, update needed");
-#endif
return value == SqlAuthenticationMethod.SqlPassword
|| value == SqlAuthenticationMethod.ActiveDirectoryPassword
|| value == SqlAuthenticationMethod.ActiveDirectoryIntegrated
@@ -546,9 +534,6 @@ internal static bool IsValidAuthenticationTypeValue(SqlAuthenticationMethod valu
|| value == SqlAuthenticationMethod.ActiveDirectoryManagedIdentity
|| value == SqlAuthenticationMethod.ActiveDirectoryMSI
|| value == SqlAuthenticationMethod.ActiveDirectoryDefault
-#if ADONET_CERT_AUTH && NETFRAMEWORK
- || value == SqlAuthenticationMethod.SqlCertificate
-#endif
|| value == SqlAuthenticationMethod.ActiveDirectoryWorkloadIdentity
|| value == SqlAuthenticationMethod.NotSpecified;
}
@@ -568,9 +553,6 @@ internal static string AuthenticationTypeToString(SqlAuthenticationMethod value)
SqlAuthenticationMethod.ActiveDirectoryManagedIdentity => ActiveDirectoryManagedIdentityString,
SqlAuthenticationMethod.ActiveDirectoryMSI => ActiveDirectoryMSIString,
SqlAuthenticationMethod.ActiveDirectoryDefault => ActiveDirectoryDefaultString,
-#if ADONET_CERT_AUTH && NETFRAMEWORK
- SqlAuthenticationMethod.SqlCertificate => SqlCertificateString,
-#endif
SqlAuthenticationMethod.ActiveDirectoryWorkloadIdentity => ActiveDirectoryWorkloadIdentityString,
_ => null
};
@@ -959,12 +941,6 @@ internal static SqlConnectionIPAddressPreference ConvertToIPAddressPreference(st
}
}
#endregion
-
-#if ADONET_CERT_AUTH && NETFRAMEWORK
- internal static bool IsValidCertificateValue(string value) => string.IsNullOrEmpty(value)
- || value.StartsWith("subject:", StringComparison.OrdinalIgnoreCase)
- || value.StartsWith("sha1:", StringComparison.OrdinalIgnoreCase);
-#endif
}
internal static class DbConnectionStringDefaults
@@ -985,9 +961,6 @@ internal static class DbConnectionStringDefaults
internal const bool ContextConnection = false;
internal static readonly bool TransparentNetworkIPResolution = !LocalAppContextSwitches.DisableTNIRByDefault;
internal const string NetworkLibrary = "";
-#if ADONET_CERT_AUTH
- internal const string Certificate = "";
-#endif
#endif
internal const string CurrentLanguage = "";
internal const string DataSource = "";
@@ -1043,9 +1016,6 @@ internal static class DbConnectionStringKeywords
// OracleClient
internal const string Unicode = "Unicode";
internal const string OmitOracleConnectionName = "Omit Oracle Connection Name";
-
- // SqlClient
- internal const string Certificate = "Certificate";
#endif
// SqlClient
internal const string ApplicationIntent = "Application Intent";
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionPoolKey.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionPoolKey.cs
index 1eed6a229d..04a0d32281 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionPoolKey.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionPoolKey.cs
@@ -33,41 +33,6 @@ internal override string ConnectionString
}
}
-#if NETFRAMEWORK
- #region NET Framework
- private readonly ServerCertificateValidationCallback _serverCertificateValidationCallback;
- private readonly ClientCertificateRetrievalCallback _clientCertificateRetrievalCallback;
- private readonly SqlClientOriginalNetworkAddressInfo _originalNetworkAddressInfo;
-
- internal ServerCertificateValidationCallback ServerCertificateValidationCallback
- => _serverCertificateValidationCallback;
-
- internal ClientCertificateRetrievalCallback ClientCertificateRetrievalCallback
- => _clientCertificateRetrievalCallback;
-
- internal SqlClientOriginalNetworkAddressInfo OriginalNetworkAddressInfo
- => _originalNetworkAddressInfo;
-
- internal SqlConnectionPoolKey(string connectionString,
- SqlCredential credential,
- string accessToken,
- ServerCertificateValidationCallback serverCertificateValidationCallback,
- ClientCertificateRetrievalCallback clientCertificateRetrievalCallback,
- SqlClientOriginalNetworkAddressInfo originalNetworkAddressInfo,
- Func> accessTokenCallback = null) : base(connectionString)
- {
- Debug.Assert(_credential == null || _accessToken == null || accessTokenCallback == null, "Credential, AccessToken, and Callback can't have a value at the same time.");
- _credential = credential;
- _accessToken = accessToken;
- _accessTokenCallback = accessTokenCallback;
- _serverCertificateValidationCallback = serverCertificateValidationCallback;
- _clientCertificateRetrievalCallback = clientCertificateRetrievalCallback;
- _originalNetworkAddressInfo = originalNetworkAddressInfo;
- CalculateHashCode();
- }
- #endregion
-#else
- #region NET Core
internal SqlConnectionPoolKey(string connectionString, SqlCredential credential, string accessToken, Func> accessTokenCallback) : base(connectionString)
{
Debug.Assert(credential == null || accessToken == null || accessTokenCallback == null, "Credential, AccessToken, and Callback can't have a value at the same time.");
@@ -76,18 +41,12 @@ internal SqlConnectionPoolKey(string connectionString, SqlCredential credential,
_accessTokenCallback = accessTokenCallback;
CalculateHashCode();
}
- #endregion
-#endif
private SqlConnectionPoolKey(SqlConnectionPoolKey key) : base(key)
{
_credential = key.Credential;
_accessToken = key.AccessToken;
_accessTokenCallback = key._accessTokenCallback;
-#if NETFRAMEWORK
- _serverCertificateValidationCallback = key._serverCertificateValidationCallback;
- _clientCertificateRetrievalCallback = key._clientCertificateRetrievalCallback;
-#endif
CalculateHashCode();
}
@@ -102,13 +61,7 @@ public override bool Equals(object obj)
&& _credential == key._credential
&& ConnectionString == key.ConnectionString
&& _accessTokenCallback == key._accessTokenCallback
- && string.CompareOrdinal(_accessToken, key._accessToken) == 0
-#if NETFRAMEWORK
- && _serverCertificateValidationCallback == key._serverCertificateValidationCallback
- && _clientCertificateRetrievalCallback == key._clientCertificateRetrievalCallback
- && _originalNetworkAddressInfo == key._originalNetworkAddressInfo
-#endif
- );
+ && string.CompareOrdinal(_accessToken, key._accessToken) == 0);
}
public override int GetHashCode()
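Review bot: The rewritten last operand of `Equals` still spells string equality as `string.CompareOrdinal(_accessToken, key._accessToken) == 0`. Since the line is being touched anyway, `&& string.Equals(_accessToken, key._accessToken, StringComparison.Ordinal));` states the intent directly and handles two null tokens the same way. The beginning of `Equals` lies outside this hunk.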
@@ -141,16 +94,6 @@ private void CalculateHashCode()
_hashValue = _hashValue * 17 + _accessTokenCallback.GetHashCode();
}
}
-
-#if NETFRAMEWORK
- if (_originalNetworkAddressInfo != null)
- {
- unchecked
- {
- _hashValue = _hashValue * 17 + _originalNetworkAddressInfo.GetHashCode();
- }
- }
-#endif
}
}
}
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionString.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionString.cs
index 5518570bb2..91f9ddaa65 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionString.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionString.cs
@@ -68,9 +68,6 @@ internal static class DEFAULT
internal const bool Connection_Reset = DbConnectionStringDefaults.ConnectionReset;
internal const bool Context_Connection = DbConnectionStringDefaults.ContextConnection;
internal const string Network_Library = DbConnectionStringDefaults.NetworkLibrary;
-#if ADONET_CERT_AUTH
- internal const string Certificate = DbConnectionStringDefaults.Certificate;
-#endif
#endif // NETFRAMEWORK
}
@@ -126,9 +123,6 @@ internal static class KEY
internal const string Failover_Partner_SPN = DbConnectionStringKeywords.FailoverPartnerSPN;
#if NETFRAMEWORK
internal const string TransparentNetworkIPResolution = DbConnectionStringKeywords.TransparentNetworkIPResolution;
-#if ADONET_CERT_AUTH
- internal const string Certificate = DbConnectionStringKeywords.Certificate;
-#endif
#endif // NETFRAMEWORK
}
@@ -398,10 +392,6 @@ internal SqlConnectionString(string connectionString) : base(connectionString, G
_transparentNetworkIPResolution = ConvertValueToBoolean(KEY.TransparentNetworkIPResolution, DEFAULT.TransparentNetworkIPResolution);
_networkLibrary = ConvertValueToString(KEY.Network_Library, null);
-#if ADONET_CERT_AUTH
- _certificate = ConvertValueToString(KEY.Certificate, DEFAULT.Certificate);
-#endif
-
if (_contextConnection)
{
// We have to be running in the engine for you to request a
@@ -630,31 +620,6 @@ internal SqlConnectionString(string connectionString) : base(connectionString, G
{
throw SQL.NonInteractiveWithPassword(DbConnectionStringBuilderUtil.ActiveDirectoryWorkloadIdentityString);
}
-
-#if ADONET_CERT_AUTH && NETFRAMEWORK
-
- if (!DbConnectionStringBuilderUtil.IsValidCertificateValue(_certificate))
- {
- throw ADP.InvalidConnectionOptionValue(KEY.Certificate);
- }
-
- if (!string.IsNullOrEmpty(_certificate))
- {
-
- if (Authentication == SqlAuthenticationMethod.NotSpecified && !_integratedSecurity)
- {
- _authType = SqlAuthenticationMethod.SqlCertificate;
- }
-
- if (Authentication == SqlAuthenticationMethod.SqlCertificate && (_hasUserIdKeyword || _hasPasswordKeyword || _integratedSecurity)) {
- throw SQL.InvalidCertAuth();
- }
- }
- else if (Authentication == SqlAuthenticationMethod.SqlCertificate)
- {
- throw ADP.InvalidConnectionOptionValue(KEY.Authentication);
- }
-#endif
}
// This c-tor is used to create SSE and user instance connection strings when user instance is set to true
@@ -715,9 +680,6 @@ internal SqlConnectionString(SqlConnectionString connectionOptions, string dataS
_transparentNetworkIPResolution = connectionOptions._transparentNetworkIPResolution;
_networkLibrary = connectionOptions._networkLibrary;
_typeSystemAssemblyVersion = connectionOptions._typeSystemAssemblyVersion;
-#if ADONET_CERT_AUTH
- _certificate = connectionOptions._certificate;
-#endif
#endif // NETFRAMEWORK
ValidateValueLength(_dataSource, TdsEnums.MAXLEN_SERVERNAME, KEY.Data_Source);
}
@@ -916,9 +878,6 @@ internal static Dictionary GetParseSynonyms()
{ SYNONYM.ServerSPN, KEY.Server_SPN },
{ SYNONYM.FailoverPartnerSPN, KEY.Failover_Partner_SPN },
#if NETFRAMEWORK
-#if ADONET_CERT_AUTH
- { KEY.Certificate, KEY.Certificate },
-#endif
{ KEY.TransparentNetworkIPResolution, KEY.TransparentNetworkIPResolution },
{ SYNONYM.TRANSPARENTNETWORKIPRESOLUTION, KEY.TransparentNetworkIPResolution },
#endif // NETFRAMEWORK
@@ -1241,15 +1200,6 @@ internal SqlConnectionEncryptOption ConvertValueToEncrypt()
internal bool TransparentNetworkIPResolution => _transparentNetworkIPResolution;
internal string NetworkLibrary => _networkLibrary;
-#if ADONET_CERT_AUTH
- private readonly string _certificate;
- internal string Certificate => _certificate;
- internal bool UsesCertificate => _authType == SqlAuthenticationMethod.SqlCertificate;
-#else
- internal string Certificate => null;
- internal bool UsesCertificate => false;
-#endif
-
#endif // NETFRAMEWORK
}
}
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionStringBuilder.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionStringBuilder.cs
index b62d5b815b..7ef5ac1cae 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionStringBuilder.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlConnectionStringBuilder.cs
@@ -73,9 +73,6 @@ private enum Keywords
NetworkLibrary,
ContextConnection,
TransparentNetworkIPResolution,
-#if ADONET_CERT_AUTH
- Certificate,
-#endif
#endif
// keep the KeywordsCount value last
KeywordsCount
@@ -135,9 +132,6 @@ private enum Keywords
private bool _contextConnection = DbConnectionStringDefaults.ContextConnection;
private bool _transparentNetworkIPResolution = DbConnectionStringDefaults.TransparentNetworkIPResolution;
private string _networkLibrary = DbConnectionStringDefaults.NetworkLibrary;
-#if ADONET_CERT_AUTH
- private string _certificate = DbConnectionStringDefaults.Certificate;
-#endif
#else
internal const int DeprecatedKeywordsCount = 5;
#endif
@@ -192,9 +186,6 @@ private static string[] CreateValidKeywords()
validKeywords[(int)Keywords.NetworkLibrary] = DbConnectionStringKeywords.NetworkLibrary;
validKeywords[(int)Keywords.ContextConnection] = DbConnectionStringKeywords.ContextConnection;
validKeywords[(int)Keywords.TransparentNetworkIPResolution] = DbConnectionStringKeywords.TransparentNetworkIPResolution;
-#if ADONET_CERT_AUTH
- validKeywords[(int)Keywords.Certificate] = DbConnectionStringKeywords.Certificate;
-#endif
#endif
return validKeywords;
}
@@ -249,9 +240,6 @@ private static Dictionary CreateKeywordsDictionary()
{ DbConnectionStringKeywords.ContextConnection, Keywords.ContextConnection },
{ DbConnectionStringKeywords.TransparentNetworkIPResolution, Keywords.TransparentNetworkIPResolution },
{ DbConnectionStringKeywords.NetworkLibrary, Keywords.NetworkLibrary },
-#if ADONET_CERT_AUTH
- { DbConnectionStringKeywords.Certificate, Keywords.Certificate },
-#endif
{ DbConnectionStringSynonyms.NET, Keywords.NetworkLibrary },
{ DbConnectionStringSynonyms.NETWORK, Keywords.NetworkLibrary },
{ DbConnectionStringSynonyms.TRANSPARENTNETWORKIPRESOLUTION, Keywords.TransparentNetworkIPResolution },
@@ -414,9 +402,6 @@ private object GetAt(Keywords index)
return TransparentNetworkIPResolution;
case Keywords.NetworkLibrary:
return NetworkLibrary;
-#if ADONET_CERT_AUTH
- case Keywords.Certificate: return Certificate;
-#endif
#endif
default:
Debug.Fail("unexpected keyword");
@@ -572,11 +557,6 @@ private void Reset(Keywords index)
case Keywords.NetworkLibrary:
_networkLibrary = DbConnectionStringDefaults.NetworkLibrary;
break;
-#if ADONET_CERT_AUTH
- case Keywords.Certificate:
- _certificate = DbConnectionStringDefaults.Certificate;
- break;
-#endif
#endif
default:
Debug.Fail("unexpected keyword");
@@ -1091,11 +1071,6 @@ public override object this[string keyword]
case Keywords.TransparentNetworkIPResolution:
TransparentNetworkIPResolution = ConvertToBoolean(value);
break;
-#if ADONET_CERT_AUTH
- case Keywords.Certificate:
- Certificate = ConvertToString(value);
- break;
-#endif
#endif
default:
Debug.Fail("unexpected keyword");
@@ -1935,24 +1910,6 @@ public string NetworkLibrary
_networkLibrary = value;
}
}
-
-#if ADONET_CERT_AUTH
- [DisplayName(DbConnectionStringKeywords.Certificate)]
- [ResCategory(StringsHelper.ResourceNames.DataCategory_Security)]
- [ResDescription(StringsHelper.ResourceNames.DbConnectionString_Certificate)]
- [RefreshProperties(RefreshProperties.All)]
- public string Certificate {
- get => _certificate;
- set {
- if (!DbConnectionStringBuilderUtil.IsValidCertificateValue(value)) {
- throw ADP.InvalidConnectionOptionValue(DbConnectionStringKeywords.Certificate);
- }
-
- SetValue(DbConnectionStringKeywords.Certificate, value);
- _certificate = value;
- }
- }
-#endif
#endif
#endregion // Public APIs
}
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsEnums.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsEnums.cs
index 6cb1c70efc..5ab7560718 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsEnums.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsEnums.cs
@@ -602,9 +602,7 @@ public enum ActiveDirectoryWorkflow : byte
// dbnetlib error values
public const short TIMEOUT_EXPIRED = -2;
public const short ENCRYPTION_NOT_SUPPORTED = 20;
-#if NETFRAMEWORK
public const short CTAIP_NOT_SUPPORTED = 21;
-#endif
// CAUTION: These are not error codes returned by SNI. This is used for backward compatibility
// since netlib (now removed from sqlclient) returned these codes.
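Review bot: `CTAIP_NOT_SUPPORTED` is now compiled for every target, yet this same commit deletes the CTAIP check in `ConsumePreLoginHandshake`, the only use of it visible in the diff. If nothing else references it, remove the constant along with the `#if`. If the value must stay reserved, say so in a comment such as `// 21 was CTAIP_NOT_SUPPORTED (feature removed); value kept reserved so it is not reused.`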
@@ -1178,11 +1176,7 @@ public enum SqlAuthenticationMethod
ActiveDirectoryDefault,
///
- ActiveDirectoryWorkloadIdentity,
-
-#if ADONET_CERT_AUTH && NETFRAMEWORK
- SqlCertificate,
-#endif
+ ActiveDirectoryWorkloadIdentity
}
// This enum indicates the state of TransparentNetworkIPResolution
// The first attempt when TNIR is on should be sequential. If the first attempt fails next attempts should be parallel.
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParser.cs
index 4e9fb26c32..12a67c4654 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParser.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParser.cs
@@ -54,9 +54,6 @@ internal void TdsLogin(
TdsEnums.FeatureExtension requestedFeatures,
SessionData recoverySessionData,
FederatedAuthenticationFeatureExtensionData fedAuthFeatureExtensionData,
-#if NETFRAMEWORK
- SqlClientOriginalNetworkAddressInfo originalNetworkAddressInfo,
-#endif
SqlConnectionEncryptOption encrypt)
{
_physicalStateObj.SetTimeoutSeconds(rec.timeout);
@@ -87,31 +84,6 @@ internal void TdsLogin(
_connHandler!.TimeoutErrorInternal.EndPhase(SqlConnectionTimeoutErrorPhase.LoginBegin);
_connHandler.TimeoutErrorInternal.SetAndBeginPhase(SqlConnectionTimeoutErrorPhase.ProcessConnectionAuth);
-#if NETFRAMEWORK
- // Add CTAIP Provider
- //
- if (originalNetworkAddressInfo != null)
- {
- SNINativeMethodWrapper.CTAIPProviderInfo cauthInfo = new SNINativeMethodWrapper.CTAIPProviderInfo();
- cauthInfo.originalNetworkAddress = originalNetworkAddressInfo.Address.GetAddressBytes();
- cauthInfo.fromDataSecurityProxy = originalNetworkAddressInfo.IsFromDataSecurityProxy;
-
- UInt32 error = SNINativeMethodWrapper.SNIAddProvider(_physicalStateObj.Handle, SNINativeMethodWrapper.ProviderEnum.CTAIP_PROV, cauthInfo);
- if (error != TdsEnums.SNI_SUCCESS)
- {
- _physicalStateObj.AddError(ProcessSNIError(_physicalStateObj));
- ThrowExceptionAndWarning(_physicalStateObj);
- }
-
- try
- { } // EmptyTry/Finally to avoid FXCop violation
- finally
- {
- _physicalStateObj.ClearAllWritePackets();
- }
- }
-#endif
-
// get the password up front to use in sspi logic below
byte[] encryptedPassword = null;
byte[] encryptedChangePassword = null;
@@ -239,27 +211,6 @@ internal void TdsLogin(
_physicalStateObj.ResetSecurePasswordsInformation(); // Password information is needed only from Login process; done with writing login packet and should clear information
_physicalStateObj.HasPendingData = true;
_physicalStateObj._messageStatus = 0;
-
-#if NETFRAMEWORK
- // Remvove CTAIP Provider after login record is sent.
- //
- if (originalNetworkAddressInfo != null)
- {
- UInt32 error = SNINativeMethodWrapper.SNIRemoveProvider(_physicalStateObj.Handle, SNINativeMethodWrapper.ProviderEnum.CTAIP_PROV);
- if (error != TdsEnums.SNI_SUCCESS)
- {
- _physicalStateObj.AddError(ProcessSNIError(_physicalStateObj));
- ThrowExceptionAndWarning(_physicalStateObj);
- }
-
- try
- { } // EmptyTry/Finally to avoid FXCop violation
- finally
- {
- _physicalStateObj.ClearAllWritePackets();
- }
- }
-#endif
}// tdsLogin
}
}