dohertj2/histsdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CLAUDE.md: cross-platform end-to-end verified

Browse Source 
Verified from a Debian 13 client (.NET 10.0.203) against the Windows
Historian using explicit Windows credentials and NegotiateAuthentication
via GSSAPI/NTLM:

- GetTagMetadataAsync: returns correct fields for SysTimeSec
- BrowseTagNamesAsync: returns SysTimeHour, SysTimeMin, SysTimeSec
- ProbeAsync: works over both transports

Calls that touch the cert-transport binding directly (ReadRawAsync,
GetSystemParameterAsync) still fail at X509 chain validation despite
update-ca-certificates. .NET WCF on Linux uses its own X509Chain plumbing
rather than the system CA bundle. Documented as a follow-up rather than
fixed in this pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
2026-05-04 22:53:10 -04:00
parent 8607f5d530
commit 92d4110142
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CLAUDE.md
+12 -4
View File
@@ -106,10 +106,18 @@ The SDK builds and runs on Linux (Debian 13, .NET 10 SDK 10.0.203). `HistorianSs
`HistorianWcfBindingFactory.CreateMdasNetNamedPipeBinding` and
`CreateMdasNetTcpWindowsBinding` methods carry a `#pragma warning disable
CA1416` documenting this.
- **Authenticated reads over `RemoteTcpCertificate` from Linux** — wired
to use NegotiateAuthentication's GSSAPI/NTLM path (`gss-ntlmssp` installed
on Debian), but live verification requires an explicit Windows credential
(`HISTORIAN_USER` / `HISTORIAN_PASSWORD`) which hasn't been exercised yet.
- **Authenticated WCF calls via NegotiateAuthentication GSSAPI/NTLM**
from Linux — verified end-to-end with explicit credentials:
`GetTagMetadataAsync` returned correct fields, `BrowseTagNamesAsync`
returned matching tags. Confirms the SDK's auth chain (Open2 → ValCl × N
→ service call) works cross-platform.
- ⚠️ **Calls that touch the cert-transport binding directly from Linux**
(`ReadRawAsync`, `GetSystemParameterAsync`, etc.) fail with X509 chain
validation even after `update-ca-certificates`. .NET WCF on Linux uses
its own X509Chain plumbing rather than the system CA bundle. Workarounds
are out of scope for this pass: install the cert into
`~/.dotnet/corefx/cryptography/x509stores/` per-user, or expose a
`ServerCertificateValidationCallback` on `HistorianClientOptions`.
### Remaining gaps