From 8adfef4fb71b7a175c7eaf994faf96d172ac8746 Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Fri, 31 Jan 2025 16:51:53 -0800 Subject: [PATCH 01/10] Pass SqlAuthenticationParameters in GenerateSspiClientContext As part of this change, the SSPIContextProvider base class now iterates through all the server names similar to what NegotiateSSPIContextProvider did. --- .../SSPI/NativeSSPIContextProvider.cs | 8 +- .../SSPI/NegotiateSSPIContextProvider.cs | 35 ++++----- .../SqlClient/SSPI/SSPIContextProvider.cs | 74 ++++++++++++++++--- 3 files changed, 82 insertions(+), 35 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs index 0a2fa8aeb7..bfd9b122f7 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs @@ -49,7 +49,7 @@ private void LoadSSPILibrary() } } - protected override void GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, ReadOnlySpan serverSpns) + protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SqlAuthenticationParameters authParams) { #if NETFRAMEWORK SNIHandle handle = _physicalStateObj.Handle; @@ -62,9 +62,9 @@ protected override void GenerateSspiClientContext(ReadOnlySpan incomingBlo var sendLength = s_maxSSPILength; var outBuff = outgoingBlobWriter.GetSpan((int)sendLength); - if (0 != SniNativeWrapper.SNISecGenClientContext(handle, incomingBlob, outBuff, ref sendLength, serverSpns[0])) + if (0 != SniNativeWrapper.SNISecGenClientContext(handle, incomingBlob, outBuff, ref sendLength, authParams.ServerName)) { - throw new InvalidOperationException(SQLMessage.SSPIGenerateError()); + return false; } if (sendLength > int.MaxValue) 
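Review bot: The failure branch after `SniNativeWrapper.SNISecGenClientContext(...)` now ends in a plain `return false;`, so the native status code is dropped without being recorded, and the base class reports only the generic `SQLMessage.SSPIGenerateError()` text. Capturing the return value in a local and writing it with `SqlClientEventSource.Log.TryTraceEvent` before `return false;` would keep the reason for a failed SPN attempt visible in traces. The call also passes `authParams.ServerName` where an SPN is expected, so a comment such as `// ServerName carries the SPN for this attempt` would help the next reader. The method body continues outside this hunk.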
@@ -73,6 +73,8 @@ protected override void GenerateSspiClientContext(ReadOnlySpan incomingBlo } outgoingBlobWriter.Advance((int)sendLength); + + return true; } } } diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs index 9a4eb457a4..10fdb2514c 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs @@ -1,8 +1,8 @@ #if NET using System; -using System.Net.Security; using System.Buffers; +using System.Net.Security; #nullable enable 
@@ -12,33 +12,24 @@ internal sealed class NegotiateSSPIContextProvider : SSPIContextProvider { private NegotiateAuthentication? _negotiateAuth = null; - protected override void GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, ReadOnlySpan serverSpns) + protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SqlAuthenticationParameters authParams) { NegotiateAuthenticationStatusCode statusCode = NegotiateAuthenticationStatusCode.UnknownCredentials; - for (int i = 0; i < serverSpns.Length; i++) - { - _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = serverSpns[i] }); - var sendBuff = _negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode)!; - - // Log session id, status code and the actual SPN used in the negotiation - SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}, StatusCode={3}, SPN={4}", nameof(NegotiateSSPIContextProvider), - nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, statusCode, _negotiateAuth.TargetName); - if (statusCode == NegotiateAuthenticationStatusCode.Completed || statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded) - { - outgoingBlobWriter.Write(sendBuff); - break; // Successful case, exit the loop with current SPN. - } - else - { - _negotiateAuth = null; // Reset _negotiateAuth to be generated again for next SPN. 
- } - } + _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = authParams.ServerName }); + var sendBuff = _negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode)!; + + // Log session id, status code and the actual SPN used in the negotiation + SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}, StatusCode={3}, SPN={4}", nameof(NegotiateSSPIContextProvider), + nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, statusCode, _negotiateAuth.TargetName); - if (statusCode is not NegotiateAuthenticationStatusCode.Completed and not NegotiateAuthenticationStatusCode.ContinueNeeded) + if (statusCode == NegotiateAuthenticationStatusCode.Completed || statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded) { - throw new InvalidOperationException(SQLMessage.SSPIGenerateError() + Environment.NewLine + statusCode); + outgoingBlobWriter.Write(sendBuff); + return true; // Successful case, exit the loop with current SPN. } + + return false; } } } diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs index 6aef7bfbff..2c673d9082 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs 
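Review bot: The failure path of `GenerateSspiClientContext` now ends in a bare `return false;` and no longer clears `_negotiateAuth`, which the removed loop did after every failed SPN. Because the instance is created with `??=`, the next SPN handed in by the base-class loop would reuse the context whose `TargetName` is still the first SPN, so the fallback names would never actually be negotiated and the traced `SPN=` value would be stale. Before `return false;` add `_negotiateAuth.Dispose();` and `_negotiateAuth = null;` so each attempt builds a context for its own target. The failing `statusCode` also no longer reaches the error text (the removed `throw` appended it), so it is now visible only in the trace event.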
@@ -26,24 +26,78 @@ private protected virtual void Initialize() { } - protected abstract void GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, ReadOnlySpan serverSpns); + protected abstract bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SqlAuthenticationParameters authParams); internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outgoingBlobWriter, string serverSpn) - => SSPIData(receivedBuff, outgoingBlobWriter, new[] { serverSpn }); + { + using var _ = TrySNIEventScope.Create(nameof(SSPIContextProvider)); - internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outgoingBlobWriter, string[] serverSpns) + if (!RunGenerateSspiClientContext(receivedBuff, outgoingBlobWriter, serverSpn)) + { + // If we've hit here, the SSPI context provider implementation failed to generate the SSPI context. + SSPIError(SQLMessage.SSPIGenerateError(), TdsEnums.GEN_CLIENT_CONTEXT); + } + } + + internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outgoingBlobWriter, ReadOnlySpan serverSpns) { - using (TrySNIEventScope.Create(nameof(SSPIContextProvider))) + using var _ = TrySNIEventScope.Create(nameof(SSPIContextProvider)); + + foreach (var serverSpn in serverSpns) { - try - { - GenerateSspiClientContext(receivedBuff, outgoingBlobWriter, serverSpns); - } - catch (Exception e) + if (RunGenerateSspiClientContext(receivedBuff, outgoingBlobWriter, serverSpn)) { - SSPIError(e.Message + Environment.NewLine + e.StackTrace, TdsEnums.GEN_CLIENT_CONTEXT); + return; } } + + // If we've hit here, the SSPI context provider implementation failed to generate the SSPI context. 
+ SSPIError(SQLMessage.SSPIGenerateError(), TdsEnums.GEN_CLIENT_CONTEXT); + } + + private bool RunGenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, string serverSpn) + { + var authParams = CreateSqlAuthParams(_parser.Connection, serverSpn); + + try + { +#if NET8_0_OR_GREATER + SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}, SPN={3}", GetType().FullName, + nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, serverSpn); +#else + SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | SPN={1}", GetType().FullName, + nameof(GenerateSspiClientContext), serverSpn); +#endif + + return GenerateSspiClientContext(incomingBlob, outgoingBlobWriter, authParams); + } + catch (Exception e) + { + SSPIError(e.Message + Environment.NewLine + e.StackTrace, TdsEnums.GEN_CLIENT_CONTEXT); + return false; + } + } + + private static SqlAuthenticationParameters CreateSqlAuthParams(SqlInternalConnectionTds connection, string serverSpn) + { + var auth = new SqlAuthenticationParameters.Builder( + authenticationMethod: connection.ConnectionOptions.Authentication, + resource: null, + authority: null, + serverName: serverSpn, + connection.ConnectionOptions.InitialCatalog); + + if (connection.ConnectionOptions.UserID is { } userId) + { + auth.WithUserId(userId); + } + + if (connection.ConnectionOptions.Password is { } password) + { + auth.WithPassword(password); + } + + return auth; } protected void SSPIError(string error, string procedure) From 72f1c998f5cec8f492d47bd73084735fbc609d11 Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Fri, 14 Mar 2025 07:44:39 -0700 Subject: [PATCH 02/10] Remove comment and whitespace changes --- .../Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
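Review bot: The `catch` in `RunGenerateSspiClientContext` calls `SSPIError(...)` and then `return false;`, and the two failure kinds may not behave alike: if `SSPIError` throws (its body is outside this hunk, but both `SSPIData` overloads use it as the terminal failure), the `return false;` is dead code and an exception on the first SPN ends the loop in `SSPIData`, whereas a provider returning `false` moves on to the next SPN. Pick one behaviour: either trace the exception and `return false;` so the remaining SPNs are tried, or drop the unreachable return and add a comment such as `// exceptions from the provider are fatal; only a false result falls through to the next SPN`. The catch also still appends `e.StackTrace` to the error text passed to `SSPIError`; that predates this change, but keeping the stack in the trace event and passing only `e.Message` would avoid putting internals into an authentication error.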
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs index 10fdb2514c..9f5c7f549b 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs @@ -1,4 +1,4 @@ -#if NET +#if NET using System; using System.Buffers; @@ -26,7 +26,7 @@ protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlo if (statusCode == NegotiateAuthenticationStatusCode.Completed || statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded) { outgoingBlobWriter.Write(sendBuff); - return true; // Successful case, exit the loop with current SPN. + return true; } return false; From 7f1f80033fbd7396e85f857464dc9cee27ecb254 Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Mon, 17 Mar 2025 10:40:25 -0700 Subject: [PATCH 03/10] use net framework logging --- .../Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs index 2c673d9082..e6cf47dfe6 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs 
@@ -61,13 +61,7 @@ private bool RunGenerateSspiClientContext(ReadOnlySpan incomingBlob, IBuff try { -#if NET8_0_OR_GREATER - SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}, SPN={3}", GetType().FullName, - nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, serverSpn); -#else - SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | SPN={1}", GetType().FullName, - nameof(GenerateSspiClientContext), serverSpn); -#endif + SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | SPN={1}", GetType().FullName, nameof(GenerateSspiClientContext), serverSpn); return GenerateSspiClientContext(incomingBlob, outgoingBlobWriter, authParams); } From e9c04ad9abe60b7de5661da440fe22fd48207baf Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Mon, 17 Mar 2025 10:45:01 -0700 Subject: [PATCH 04/10] consolidate builder for sqlauthparameters and use serverSpn as resource --- .../SqlClient/SqlInternalConnectionTds.cs | 11 +++----- .../SqlClient/SqlInternalConnectionTds.cs | 26 ++++++++----------- .../SqlClient/SSPI/SSPIContextProvider.cs | 9 +++---- .../SqlClient/SqlAuthenticationParameters.cs | 12 +++++---- 4 files changed, 26 insertions(+), 32 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs index d128268185..a120de0672 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs 
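Review bot: The consolidated trace call uses the format `"{0}.{1} | Info | SPN={1}"` with three arguments, so the `SPN=` field repeats `nameof(GenerateSspiClientContext)` and `serverSpn` is never written. The last placeholder should be `{2}`, giving `"{0}.{1} | Info | SPN={2}"`. With the session id already dropped from this event, the SPN is the only value that ties a failed attempt to a target when reading authentication traces. `RunGenerateSspiClientContext` starts and ends outside this hunk.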
@@ -2435,13 +2435,10 @@ internal SqlFedAuthToken GetFedAuthToken(SqlFedAuthInfo fedAuthInfo) try { var authParamsBuilder = new SqlAuthenticationParameters.Builder( - authenticationMethod: ConnectionOptions.Authentication, - resource: fedAuthInfo.spn, - authority: fedAuthInfo.stsurl, - serverName: ConnectionOptions.DataSource, - databaseName: ConnectionOptions.InitialCatalog) - .WithConnectionId(_clientConnectionId) - .WithConnectionTimeout(ConnectionOptions.ConnectTimeout); + connection: this, + resource: fedAuthInfo.spn, + authority: fedAuthInfo.stsurl); + switch (ConnectionOptions.Authentication) { case SqlAuthenticationMethod.ActiveDirectoryIntegrated: diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs index 0659148c83..4c6ebd5226 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs @@ -4,7 +4,6 @@ using System; using System.Collections.Generic; -using System.Data; using System.Data.Common; using System.Diagnostics; using System.Diagnostics.CodeAnalysis; @@ -15,11 +14,11 @@ using System.Text; using System.Threading; using System.Threading.Tasks; +using System.Transactions; using Microsoft.Data.Common; using Microsoft.Data.ProviderBase; using Microsoft.Data.SqlClient.ConnectionPool; using Microsoft.Identity.Client; -using System.Transactions; namespace Microsoft.Data.SqlClient 
@@ -137,7 +136,7 @@ sealed internal class SqlInternalConnectionTds : SqlInternalConnection, IDisposa // The Federated Authentication returned by TryGetFedAuthTokenLocked or GetFedAuthToken. SqlFedAuthToken _fedAuthToken = null; internal byte[] _accessTokenInBytes; - internal readonly Func> _accessTokenCallback; + internal readonly Func> _accessTokenCallback; private readonly ActiveDirectoryAuthenticationTimeoutRetryHelper _activeDirectoryAuthTimeoutRetryHelper; @@ -1651,12 +1650,12 @@ private void OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectio else { _timeoutErrorInternal.SetFailoverScenario(false); // not a failover scenario - LoginNoFailover(dataSource, - newPassword, - newSecurePassword, + LoginNoFailover(dataSource, + newPassword, + newSecurePassword, redirectedUserInstance, - connectionOptions, - credential, + connectionOptions, + credential, timeout); } @@ -2625,7 +2624,7 @@ internal void OnFedAuthInfo(SqlFedAuthInfo fedAuthInfo) if (_newDbConnectionPoolAuthenticationContext != null) { - _dbConnectionPool.AuthenticationContexts.TryAdd(_dbConnectionPoolAuthenticationContextKey, _newDbConnectionPoolAuthenticationContext); + _dbConnectionPool.AuthenticationContexts.TryAdd(_dbConnectionPoolAuthenticationContextKey, _newDbConnectionPoolAuthenticationContext); } } } @@ -2739,13 +2738,10 @@ internal SqlFedAuthToken GetFedAuthToken(SqlFedAuthInfo fedAuthInfo) try { var authParamsBuilder = new SqlAuthenticationParameters.Builder( - authenticationMethod: ConnectionOptions.Authentication, + connection: this, resource: fedAuthInfo.spn, - authority: fedAuthInfo.stsurl, - serverName: ConnectionOptions.DataSource, - databaseName: ConnectionOptions.InitialCatalog) - .WithConnectionId(_clientConnectionId) - .WithConnectionTimeout(ConnectionOptions.ConnectTimeout); + authority: fedAuthInfo.stsurl); + switch (ConnectionOptions.Authentication) { case SqlAuthenticationMethod.ActiveDirectoryIntegrated: 
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs index e6cf47dfe6..324a8229dd 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs @@ -75,11 +75,10 @@ private bool RunGenerateSspiClientContext(ReadOnlySpan incomingBlob, IBuff private static SqlAuthenticationParameters CreateSqlAuthParams(SqlInternalConnectionTds connection, string serverSpn) { var auth = new SqlAuthenticationParameters.Builder( - authenticationMethod: connection.ConnectionOptions.Authentication, - resource: null, - authority: null, - serverName: serverSpn, - connection.ConnectionOptions.InitialCatalog); + connection: connection, + resource: serverSpn, + authority: null); + if (connection.ConnectionOptions.UserID is { } userId) { diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationParameters.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationParameters.cs index 9c74b937b8..587210bd0a 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationParameters.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationParameters.cs @@ -49,7 +49,7 @@ protected SqlAuthenticationParameters( string authority, string userId, string password, - Guid connectionId, + Guid connectionId, int connectionTimeout) { AuthenticationMethod = authenticationMethod; 
@@ -149,11 +149,13 @@ public Builder WithConnectionTimeout(int timeout) return this; } - internal Builder(SqlAuthenticationMethod authenticationMethod, string resource, string authority, string serverName, string databaseName) + internal Builder(SqlInternalConnectionTds connection, string resource, string authority) { - _authenticationMethod = authenticationMethod; - _serverName = serverName; - _databaseName = databaseName; + _authenticationMethod = connection.ConnectionOptions.Authentication; + _serverName = connection.ConnectionOptions.DataSource; + _databaseName = connection.ConnectionOptions.InitialCatalog; + _connectionTimeout = connection.ConnectionOptions.ConnectTimeout; + _connectionId = connection.ClientConnectionId; _resource = resource; _authority = authority; } From 7c9b0f313e5e96e2e3b28bff22104f322537568b Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Wed, 30 Apr 2025 18:43:04 -0700 Subject: [PATCH 05/10] create separate SspiAuthenticationParameters --- .../src/Microsoft.Data.SqlClient.csproj | 3 ++ .../netfx/src/Microsoft.Data.SqlClient.csproj | 3 ++ .../SSPI/NativeSSPIContextProvider.cs | 2 +- .../SSPI/NegotiateSSPIContextProvider.cs | 2 +- .../SqlClient/SSPI/SSPIContextProvider.cs | 32 +++++-------------- .../SSPI/SspiAuthenticationParameters.cs | 20 ++++++++++++ 6 files changed, 36 insertions(+), 26 deletions(-) create mode 100644 src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj index 8d1f8d1bbd..c5941a5001 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj 
@@ -662,6 +662,9 @@ Microsoft\Data\SqlClient\SSPI\SSPIContextProvider.cs + + Microsoft\Data\SqlClient\SSPI\SspiAuthenticationParameters.cs + Microsoft\Data\SqlClient\Utilities\ObjectPool.cs diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj index 8b8bda848e..b02df5e648 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj @@ -363,6 +363,9 @@ Microsoft\Data\SqlClient\SSPI\SSPIContextProvider.cs + + Microsoft\Data\SqlClient\SSPI\SspiAuthenticationParameters.cs + Microsoft\Data\SqlClient\TdsParser.cs diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs index 60ec07cf1e..fe20519691 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs @@ -49,7 +49,7 @@ private void LoadSSPILibrary() } } - protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SqlAuthenticationParameters authParams) + protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SspiAuthenticationParameters authParams) { #if NETFRAMEWORK SNIHandle handle = _physicalStateObj.Handle; diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs index 9f5c7f549b..78355c1ac5 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs 
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs @@ -12,7 +12,7 @@ internal sealed class NegotiateSSPIContextProvider : SSPIContextProvider { private NegotiateAuthentication? _negotiateAuth = null; - protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SqlAuthenticationParameters authParams) + protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SspiAuthenticationParameters authParams) { NegotiateAuthenticationStatusCode statusCode = NegotiateAuthenticationStatusCode.UnknownCredentials; diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs index 73f71d11bd..6264f32b24 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs @@ -1,7 +1,6 @@ using System; using System.Buffers; using System.Diagnostics; -using Microsoft.Data.Common; #nullable enable @@ -26,7 +25,7 @@ private protected virtual void Initialize() { } - protected abstract bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SqlAuthenticationParameters authParams); + protected abstract bool GenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, SspiAuthenticationParameters authParams); internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outgoingBlobWriter, string serverSpn) { 
@@ -57,7 +56,13 @@ internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outg private bool RunGenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, string serverSpn) { - var authParams = CreateSqlAuthParams(_parser.Connection, serverSpn); + var options = _parser.Connection.ConnectionOptions; + var authParams = new SspiAuthenticationParameters(serverSpn) + { + DatabaseName = options.InitialCatalog, + UserId = options.UserID, + Password = options.Password, + }; try { @@ -72,27 +77,6 @@ private bool RunGenerateSspiClientContext(ReadOnlySpan incomingBlob, IBuff } } - private static SqlAuthenticationParameters CreateSqlAuthParams(SqlInternalConnectionTds connection, string serverSpn) - { - var auth = new SqlAuthenticationParameters.Builder( - connection: connection, - resource: serverSpn, - authority: null); - - - if (connection.ConnectionOptions.UserID is { } userId) - { - auth.WithUserId(userId); - } - - if (connection.ConnectionOptions.Password is { } password) - { - auth.WithPassword(password); - } - - return auth; - } - protected void SSPIError(string error, string procedure) { Debug.Assert(!string.IsNullOrEmpty(procedure), "TdsParser.SSPIError called with an empty or null procedure string"); diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs new file mode 100644 index 0000000000..08fbbc03f9 --- /dev/null +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs 
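Review bot: `RunGenerateSspiClientContext` copies `options.Password` and `options.UserID` into a new `SspiAuthenticationParameters` for every SPN attempt, yet neither provider touched in this series reads anything from `authParams` except the server/SPN value. That leaves one more object holding the connection-string password with no consumer in view, and it is created once per SPN tried. If the fields are meant for a future pluggable provider, say so on the initializer, for example `// UserId/Password are forwarded for custom SSPI providers; the built-in providers ignore them`; otherwise leave them unset until something needs them. The method body continues outside this hunk.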
@@ -0,0 +1,20 @@ +#nullable enable + +namespace Microsoft.Data.SqlClient +{ + internal sealed class SspiAuthenticationParameters + { + public SspiAuthenticationParameters(string serverName) + { + ServerName = serverName; + } + + public string ServerName { get; } + + public string? UserId { get; set; } + + public string? DatabaseName { get; set; } + + public string? Password { get; set; } + } +} From 454da94c35d56c4c06d4eb2076340d802f4e5014 Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Wed, 30 Apr 2025 18:49:14 -0700 Subject: [PATCH 06/10] rename to resource --- .../Data/SqlClient/SSPI/NativeSSPIContextProvider.cs | 2 +- .../Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs | 2 +- .../src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs | 2 +- .../Data/SqlClient/SSPI/SspiAuthenticationParameters.cs | 4 +++- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs index fe20519691..93a091f96e 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs @@ -62,7 +62,7 @@ protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlo var sendLength = s_maxSSPILength; var outBuff = outgoingBlobWriter.GetSpan((int)sendLength); - if (0 != SniNativeWrapper.SniSecGenClientContext(handle, incomingBlob, outBuff, ref sendLength, authParams.ServerName)) + if (0 != SniNativeWrapper.SniSecGenClientContext(handle, incomingBlob, outBuff, ref sendLength, authParams.Resource)) { return false; } diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs index 78355c1ac5..497a718d27 100644 
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs @@ -16,7 +16,7 @@ protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlo { NegotiateAuthenticationStatusCode statusCode = NegotiateAuthenticationStatusCode.UnknownCredentials; - _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = authParams.ServerName }); + _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = authParams.Resource }); var sendBuff = _negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode)!; // Log session id, status code and the actual SPN used in the negotiation diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs index 6264f32b24..df8e25dc14 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs @@ -57,7 +57,7 @@ internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outg private bool RunGenerateSspiClientContext(ReadOnlySpan incomingBlob, IBufferWriter outgoingBlobWriter, string serverSpn) { var options = _parser.Connection.ConnectionOptions; - var authParams = new SspiAuthenticationParameters(serverSpn) + var authParams = new SspiAuthenticationParameters(options.DataSource, serverSpn) { DatabaseName = options.InitialCatalog, UserId = options.UserID, diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs index 08fbbc03f9..b061dc8776 100644 
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs @@ -4,11 +4,13 @@ namespace Microsoft.Data.SqlClient { internal sealed class SspiAuthenticationParameters { - public SspiAuthenticationParameters(string serverName) + public SspiAuthenticationParameters(string serverName, string resource) { ServerName = serverName; } + public string Resource { get; } + public string ServerName { get; } public string? UserId { get; set; } From 4e07c89ccac0916f7a280a79dabdbe59d2e0e4fa Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Wed, 30 Apr 2025 19:51:04 -0700 Subject: [PATCH 07/10] revert --- .../SqlClient/SqlInternalConnectionTds.cs | 11 +++++--- .../SqlClient/SqlInternalConnectionTds.cs | 26 +++++++++++-------- .../SqlClient/SqlAuthenticationParameters.cs | 12 ++++----- 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs index a120de0672..d128268185 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs 
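Review bot: The constructor gains a `resource` parameter but its body still only sets `ServerName = serverName;`, so the new get-only `Resource` property is never assigned and stays null. This same commit switches both providers to pass `authParams.Resource` as the target, so at this commit the SPN given to `SniSecGenClientContext` and to `NegotiateAuthenticationClientOptions.TargetName` is null. Add `Resource = resource;` to the constructor here. A later patch in the series is titled "add resource" and may do exactly that, but its hunk is not visible in this view, and the intermediate commits would still fail integrated authentication when bisecting.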
@@ -2435,10 +2435,13 @@ internal SqlFedAuthToken GetFedAuthToken(SqlFedAuthInfo fedAuthInfo) try { var authParamsBuilder = new SqlAuthenticationParameters.Builder( - connection: this, - resource: fedAuthInfo.spn, - authority: fedAuthInfo.stsurl); - + authenticationMethod: ConnectionOptions.Authentication, + resource: fedAuthInfo.spn, + authority: fedAuthInfo.stsurl, + serverName: ConnectionOptions.DataSource, + databaseName: ConnectionOptions.InitialCatalog) + .WithConnectionId(_clientConnectionId) + .WithConnectionTimeout(ConnectionOptions.ConnectTimeout); switch (ConnectionOptions.Authentication) { case SqlAuthenticationMethod.ActiveDirectoryIntegrated: diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs index 5e37d23343..8079231f61 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs @@ -4,6 +4,7 @@ using System; using System.Collections.Generic; +using System.Data; using System.Data.Common; using System.Diagnostics; using System.Diagnostics.CodeAnalysis; @@ -14,11 +15,11 @@ using System.Text; using System.Threading; using System.Threading.Tasks; -using System.Transactions; using Microsoft.Data.Common; using Microsoft.Data.ProviderBase; using Microsoft.Data.SqlClient.ConnectionPool; using Microsoft.Identity.Client; +using System.Transactions; namespace Microsoft.Data.SqlClient 
@@ -136,7 +137,7 @@ sealed internal class SqlInternalConnectionTds : SqlInternalConnection, IDisposa // The Federated Authentication returned by TryGetFedAuthTokenLocked or GetFedAuthToken. SqlFedAuthToken _fedAuthToken = null; internal byte[] _accessTokenInBytes; - internal readonly Func> _accessTokenCallback; + internal readonly Func> _accessTokenCallback; private readonly ActiveDirectoryAuthenticationTimeoutRetryHelper _activeDirectoryAuthTimeoutRetryHelper; @@ -1516,12 +1517,12 @@ private void OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectio else { _timeoutErrorInternal.SetFailoverScenario(false); // not a failover scenario - LoginNoFailover(dataSource, - newPassword, - newSecurePassword, + LoginNoFailover(dataSource, + newPassword, + newSecurePassword, redirectedUserInstance, - connectionOptions, - credential, + connectionOptions, + credential, timeout); } @@ -2490,7 +2491,7 @@ internal void OnFedAuthInfo(SqlFedAuthInfo fedAuthInfo) if (_newDbConnectionPoolAuthenticationContext != null) { - _dbConnectionPool.AuthenticationContexts.TryAdd(_dbConnectionPoolAuthenticationContextKey, _newDbConnectionPoolAuthenticationContext); + _dbConnectionPool.AuthenticationContexts.TryAdd(_dbConnectionPoolAuthenticationContextKey, _newDbConnectionPoolAuthenticationContext); } } } @@ -2604,10 +2605,13 @@ internal SqlFedAuthToken GetFedAuthToken(SqlFedAuthInfo fedAuthInfo) try { var authParamsBuilder = new SqlAuthenticationParameters.Builder( - connection: this, + authenticationMethod: ConnectionOptions.Authentication, resource: fedAuthInfo.spn, - authority: fedAuthInfo.stsurl); - + authority: fedAuthInfo.stsurl, + serverName: ConnectionOptions.DataSource, + databaseName: ConnectionOptions.InitialCatalog) + .WithConnectionId(_clientConnectionId) + .WithConnectionTimeout(ConnectionOptions.ConnectTimeout); switch (ConnectionOptions.Authentication) { case SqlAuthenticationMethod.ActiveDirectoryIntegrated: 
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationParameters.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationParameters.cs index 587210bd0a..9c74b937b8 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationParameters.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlAuthenticationParameters.cs @@ -49,7 +49,7 @@ protected SqlAuthenticationParameters( string authority, string userId, string password, - Guid connectionId, + Guid connectionId, int connectionTimeout) { AuthenticationMethod = authenticationMethod; @@ -149,13 +149,11 @@ public Builder WithConnectionTimeout(int timeout) return this; } - internal Builder(SqlInternalConnectionTds connection, string resource, string authority) + internal Builder(SqlAuthenticationMethod authenticationMethod, string resource, string authority, string serverName, string databaseName) { - _authenticationMethod = connection.ConnectionOptions.Authentication; - _serverName = connection.ConnectionOptions.DataSource; - _databaseName = connection.ConnectionOptions.InitialCatalog; - _connectionTimeout = connection.ConnectionOptions.ConnectTimeout; - _connectionId = connection.ClientConnectionId; + _authenticationMethod = authenticationMethod; + _serverName = serverName; + _databaseName = databaseName; _resource = resource; _authority = authority; } From 95369506985c3ede906ebcd35829c1f721dedc91 Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Wed, 30 Apr 2025 19:52:05 -0700 Subject: [PATCH 08/10] add resource --- .../Data/SqlClient/SSPI/SspiAuthenticationParameters.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs index b061dc8776..dce0858360 100644 
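Review bot: The internal `Builder` constructor no longer sets `_connectionId` and `_connectionTimeout`, so any caller that omits the `WithConnectionId`/`WithConnectionTimeout` chain builds parameters with whatever those fields default to. That is presumably an empty `Guid` and a zero timeout, but the field declarations are outside the hunk. An empty connection id would make it harder to correlate a token request with the connection that triggered it, and an unset timeout changes how long token acquisition may run. Both `GetFedAuthToken` call sites in this commit do chain the two methods, so this is a contract to document rather than a live bug: `/// <remarks>Leaves connection id and timeout unset; callers must chain WithConnectionId and WithConnectionTimeout.</remarks>` on the constructor would do.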
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiAuthenticationParameters.cs @@ -7,6 +7,7 @@ internal sealed class SspiAuthenticationParameters public SspiAuthenticationParameters(string serverName, string resource) { ServerName = serverName; + Resource = resource; } public string Resource { get; } From a813d22e70d6f993b54ff32287a447573b647af5 Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Thu, 1 May 2025 09:52:08 -0700 Subject: [PATCH 09/10] rename to SspiContextProvider --- .../netcore/src/Microsoft.Data.SqlClient.csproj | 12 ++++++------ .../src/Microsoft/Data/SqlClient/TdsParser.cs | 4 ++-- .../Data/SqlClient/TdsParserStateObject.netcore.cs | 2 +- .../Data/SqlClient/TdsParserStateObjectManaged.cs | 4 ++-- .../Data/SqlClient/TdsParserStateObjectNative.cs | 2 +- .../netfx/src/Microsoft.Data.SqlClient.csproj | 12 ++++++------ .../netfx/src/Microsoft/Data/SqlClient/TdsParser.cs | 4 ++-- .../Data/SqlClient/TdsParserStateObject.netfx.cs | 2 +- ...ntextProvider.cs => NativeSspiContextProvider.cs} | 2 +- ...xtProvider.cs => NegotiateSspiContextProvider.cs} | 4 ++-- ...SSPIContextProvider.cs => SspiContextProvider.cs} | 6 +++--- 11 files changed, 27 insertions(+), 27 deletions(-) rename src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/{NativeSSPIContextProvider.cs => NativeSspiContextProvider.cs} (97%) rename src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/{NegotiateSSPIContextProvider.cs => NegotiateSspiContextProvider.cs} (94%) rename src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/{SSPIContextProvider.cs => SspiContextProvider.cs} (95%) diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj index c5941a5001..1d182ff88e 100644 
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj @@ -656,11 +656,11 @@ Microsoft\Data\SqlClient\SqlUtil.cs - - Microsoft\Data\SqlClient\SSPI\NegotiateSSPIContextProvider.cs + + Microsoft\Data\SqlClient\SSPI\NegotiateSspiContextProvider.cs - - Microsoft\Data\SqlClient\SSPI\SSPIContextProvider.cs + + Microsoft\Data\SqlClient\SSPI\SspiContextProvider.cs Microsoft\Data\SqlClient\SSPI\SspiAuthenticationParameters.cs @@ -892,8 +892,8 @@ Microsoft\Data\SqlClient\SqlColumnEncryptionCspProvider.Windows.cs - - Microsoft\Data\SqlClient\SSPI\NativeSSPIContextProvider.cs + + Microsoft\Data\SqlClient\SSPI\NativeSspiContextProvider.cs Microsoft\Data\SqlClient\SqlColumnEncryptionCertificateStoreProvider.Windows.cs diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs index c147d66fc5..3e6bd776d1 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -44,7 +44,7 @@ internal sealed partial class TdsParser private static int _objectTypeCount; // EventSource counter private readonly SqlClientLogger _logger = new SqlClientLogger(); - private SSPIContextProvider _authenticationProvider; + private SspiContextProvider _authenticationProvider; internal readonly int _objectID = Interlocked.Increment(ref _objectTypeCount); internal int ObjectID => _objectID; 
@@ -413,7 +413,7 @@ internal void Connect(ServerInfo serverInfo, // AD Integrated behaves like Windows integrated when connecting to a non-fedAuth server if (integratedSecurity || authType == SqlAuthenticationMethod.ActiveDirectoryIntegrated) { - _authenticationProvider = _physicalStateObj.CreateSSPIContextProvider(); + _authenticationProvider = _physicalStateObj.CreateSspiContextProvider(); SqlClientEventSource.Log.TryTraceEvent("TdsParser.Connect | SEC | SSPI or Active Directory Authentication Library loaded for SQL Server based integrated authentication"); } diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObject.netcore.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObject.netcore.cs index 0b564d1674..129cb02c5b 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObject.netcore.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObject.netcore.cs @@ -75,7 +75,7 @@ internal TdsParserStateObject(TdsParser parser, TdsParserStateObject physicalCon //////////////// internal abstract uint DisableSsl(); - internal abstract SSPIContextProvider CreateSSPIContextProvider(); + internal abstract SspiContextProvider CreateSspiContextProvider(); internal abstract uint EnableMars(ref uint info); diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectManaged.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectManaged.cs index 3a709d03c9..e6dddc79f9 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectManaged.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectManaged.cs 
@@ -407,7 +407,7 @@ private SNIHandle GetSessionSNIHandleHandleOrThrow() [MethodImpl(MethodImplOptions.NoInlining)] // this forces the exception throwing code not to be inlined for performance private void ThrowClosedConnection() => throw ADP.ClosedConnectionError(); - internal override SSPIContextProvider CreateSSPIContextProvider() - => new NegotiateSSPIContextProvider(); + internal override SspiContextProvider CreateSspiContextProvider() + => new NegotiateSspiContextProvider(); } } diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs index 929056b306..b8d1b6cccb 100644 --- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs +++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs @@ -449,7 +449,7 @@ internal override void DisposePacketCache() } } - internal override SSPIContextProvider CreateSSPIContextProvider() => new NativeSSPIContextProvider(); + internal override SspiContextProvider CreateSspiContextProvider() => new NativeSspiContextProvider(); internal sealed class WritePacketCache : IDisposable { diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj index b02df5e648..7ee7d4f333 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj 
@@ -354,14 +354,14 @@ Resources\ResCategoryAttribute.cs - - Microsoft\Data\SqlClient\SSPI\NativeSSPIContextProvider.cs + + Microsoft\Data\SqlClient\SSPI\NativeSspiContextProvider.cs - - Microsoft\Data\SqlClient\SSPI\NegotiateSSPIContextProvider.cs + + Microsoft\Data\SqlClient\SSPI\NegotiateSspiContextProvider.cs - - Microsoft\Data\SqlClient\SSPI\SSPIContextProvider.cs + + Microsoft\Data\SqlClient\SSPI\SspiContextProvider.cs Microsoft\Data\SqlClient\SSPI\SspiAuthenticationParameters.cs diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs index 325c56ff18..d0bc666b38 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParser.cs @@ -44,7 +44,7 @@ internal sealed partial class TdsParser private static int _objectTypeCount; // EventSource counter private readonly SqlClientLogger _logger = new SqlClientLogger(); - private SSPIContextProvider _authenticationProvider; + private SspiContextProvider _authenticationProvider; internal readonly int _objectID = Interlocked.Increment(ref _objectTypeCount); internal int ObjectID => _objectID; @@ -411,7 +411,7 @@ internal void Connect(ServerInfo serverInfo, // AD Integrated behaves like Windows integrated when connecting to a non-fedAuth server if (integratedSecurity || authType == SqlAuthenticationMethod.ActiveDirectoryIntegrated) { - _authenticationProvider = _physicalStateObj.CreateSSPIContextProvider(); + _authenticationProvider = _physicalStateObj.CreateSspiContextProvider(); if (!string.IsNullOrEmpty(serverInfo.ServerSPN)) { diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObject.netfx.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObject.netfx.cs index ade447fb8f..b29990106f 100644 
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObject.netfx.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObject.netfx.cs @@ -98,7 +98,7 @@ internal TdsParserStateObject(TdsParser parser, SNIHandle physicalConnection, bo _lastSuccessfulIOTimer = parser._physicalStateObj._lastSuccessfulIOTimer; } - internal SSPIContextProvider CreateSSPIContextProvider() => new NativeSSPIContextProvider(); + internal SspiContextProvider CreateSspiContextProvider() => new NativeSspiContextProvider(); //////////////// // Properties // diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSspiContextProvider.cs similarity index 97% rename from src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs rename to src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSspiContextProvider.cs index 93a091f96e..5935b149c8 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSspiContextProvider.cs @@ -6,7 +6,7 @@ namespace Microsoft.Data.SqlClient { - internal sealed class NativeSSPIContextProvider : SSPIContextProvider + internal sealed class NativeSspiContextProvider : SspiContextProvider { private static readonly object s_tdsParserLock = new(); diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSspiContextProvider.cs similarity index 94% rename from src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs rename to src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSspiContextProvider.cs index 497a718d27..5dc52010b3 100644 
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSspiContextProvider.cs @@ -8,7 +8,7 @@ namespace Microsoft.Data.SqlClient { - internal sealed class NegotiateSSPIContextProvider : SSPIContextProvider + internal sealed class NegotiateSspiContextProvider : SspiContextProvider { private NegotiateAuthentication? _negotiateAuth = null; @@ -20,7 +20,7 @@ protected override bool GenerateSspiClientContext(ReadOnlySpan incomingBlo var sendBuff = _negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode)!; // Log session id, status code and the actual SPN used in the negotiation - SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}, StatusCode={3}, SPN={4}", nameof(NegotiateSSPIContextProvider), + SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}, StatusCode={3}, SPN={4}", nameof(NegotiateSspiContextProvider), nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, statusCode, _negotiateAuth.TargetName); if (statusCode == NegotiateAuthenticationStatusCode.Completed || statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded) diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiContextProvider.cs similarity index 95% rename from src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs rename to src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiContextProvider.cs index df8e25dc14..ff83422f10 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SspiContextProvider.cs 
@@ -6,7 +6,7 @@ namespace Microsoft.Data.SqlClient { - internal abstract class SSPIContextProvider + internal abstract class SspiContextProvider { private TdsParser _parser = null!; private ServerInfo _serverInfo = null!; @@ -29,7 +29,7 @@ private protected virtual void Initialize() internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outgoingBlobWriter, string serverSpn) { - using var _ = TrySNIEventScope.Create(nameof(SSPIContextProvider)); + using var _ = TrySNIEventScope.Create(nameof(SspiContextProvider)); if (!RunGenerateSspiClientContext(receivedBuff, outgoingBlobWriter, serverSpn)) { @@ -40,7 +40,7 @@ internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outg internal void SSPIData(ReadOnlySpan receivedBuff, IBufferWriter outgoingBlobWriter, ReadOnlySpan serverSpns) { - using var _ = TrySNIEventScope.Create(nameof(SSPIContextProvider)); + using var _ = TrySNIEventScope.Create(nameof(SspiContextProvider)); foreach (var serverSpn in serverSpns) { From f7c90b499ec9965f9affe73e284012672dea98a4 Mon Sep 17 00:00:00 2001 From: Taylor Southwick Date: Mon, 12 May 2025 17:33:33 -0700 Subject: [PATCH 10/10] deal with merge conflicts --- .../src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs | 2 +- .../src/Microsoft/Data/SqlClient/TdsParserStateObject.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs index aeace285e4..f83e50cc22 100644 --- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs +++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsParserStateObjectNative.cs 
@@ -31,6 +31,6 @@ internal override uint EnableMars(ref uint info) internal override uint SetConnectionBufferSize(ref uint unsignedPacketSize) => SniNativeWrapper.SniSetInfo(Handle, QueryType.SNI_QUERY_CONN_BUFSIZE, ref unsignedPacketSize); - internal override SSPIContextProvider CreateSSPIContextProvider() => new NativeSSPIContextProvider(); + internal override SspiContextProvider CreateSspiContextProvider() => new NativeSspiContextProvider(); } } diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParserStateObject.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParserStateObject.cs index 55e5c51c05..2f377581ce 100644 --- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParserStateObject.cs +++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/TdsParserStateObject.cs @@ -470,7 +470,7 @@ internal long TimeoutTime internal abstract uint DisableSsl(); - internal abstract SSPIContextProvider CreateSSPIContextProvider(); + internal abstract SspiContextProvider CreateSspiContextProvider(); internal abstract uint EnableMars(ref uint info);