dotnet
diff --git a/‎doc/snippets/Microsoft.Data.SqlClient/SSPIContextProvider.xml
+14 b/‎doc/snippets/Microsoft.Data.SqlClient/SSPIContextProvider.xml
+14
diff --git a/‎doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml
+5 b/‎doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml
+5
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs
+8 b/‎src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.cs
+8
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnection.cs
+21-9 b/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnection.cs
+21-9
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnectionFactory.cs
+2-2 b/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnectionFactory.cs
+2-2
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
+4-2 b/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlInternalConnectionTds.cs
+4-2
diff --git a/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs
+1-1 b/‎src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/TdsParser.cs
+1-1
diff --git a/‎src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs
+8 b/‎src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.cs
+8
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<docs>
+    <members name="SSPIContextProvider">
+        <SSPIContextProvider>
+            <summary>Provides the ability to customize SSPI context generation.</summary>          
+        </SSPIContextProvider>
+        <GenerateSspiClientContext>
+            <summary>Generates a SSPI outgoing blob given the incoming blob.</summary>      
+            <param name="incomingBlob">Incoming blob</param>
+            <param name="outgoingBlobWriter">Outgoing blob</param>
+            <param name="authParams">Gets the authentication parameters associated with this connection.</param>
+        </GenerateSspiClientContext>
+    </members>
+</docs>
@@ -3284,6 +3284,11 @@
         Returns 0 if the connection is inactive on the client side.
       </remarks>
     </ServerProcessId>
+    <SSPIContextProviderFactory>
+      <summary>
+        Gets or sets the factory used to create a <see cref="SSPIContextProvider"/> instance for customizing the SSPI context. If not set, the default for the platform will be used
+      </summary>
+    </SSPIContextProviderFactory>
     <State>
       <summary>
         Indicates the state of the <see cref="T:Microsoft.Data.SqlClient.SqlConnection" /> during the most recent network operation performed on the connection.
 
@@ -907,6 +907,8 @@ public void RegisterColumnEncryptionKeyStoreProvidersOnConnection(System.Collect
         [System.ComponentModel.BrowsableAttribute(false)]
         [System.ComponentModel.DesignerSerializationVisibilityAttribute(0)]
         public Microsoft.Data.SqlClient.SqlCredential Credential { get { throw null; } set { } }
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml' path='docs/members[@name="SqlConnection"]/SSPIContextProviderFactory/*' />
+        public System.Func<SSPIContextProvider> SSPIContextProviderFactory { get { throw null; } set { } }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml' path='docs/members[@name="SqlConnection"]/Database/*'/>
         [System.ComponentModel.DesignerSerializationVisibilityAttribute(0)]
         public override string Database { get { throw null; } }
@@ -1938,6 +1940,12 @@ public sealed class SqlConfigurableRetryFactory
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConfigurableRetryFactory.xml' path='docs/members[@name="SqlConfigurableRetryFactory"]/CreateNoneRetryProvider/*' />
         public static SqlRetryLogicBaseProvider CreateNoneRetryProvider() { throw null; }
     }
+    /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SSPIContextProvider.xml' path='docs/members[@name="SSPIContextProvider"]/SSPIContextProvider/*'/>
+    public abstract class SSPIContextProvider
+    {
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SSPIContextProvider.xml' path='docs/members[@name="SSPIContextProvider"]/GenerateSspiClientContext/*'/>
+        protected abstract void GenerateSspiClientContext(System.ReadOnlySpan<byte> incomingBlob, System.Buffers.IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams);
+    }
 }
 namespace Microsoft.Data.SqlClient.Diagnostics
 {
 
@@ -89,6 +89,7 @@ private static readonly Dictionary<string, SqlColumnEncryptionKeyStoreProvider>
         private IReadOnlyDictionary<string, SqlColumnEncryptionKeyStoreProvider> _customColumnEncryptionKeyStoreProviders;
 
         private Func<SqlAuthenticationParameters, CancellationToken, Task<SqlAuthenticationToken>> _accessTokenCallback;
+        private Func<SSPIContextProvider> _sspiContextProviderFactory;
 
         internal bool HasColumnEncryptionKeyStoreProvidersRegistered =>
             _customColumnEncryptionKeyStoreProviders is not null && _customColumnEncryptionKeyStoreProviders.Count > 0;
@@ -648,7 +649,7 @@ public override string ConnectionString
                         CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessTokenCallback(connectionOptions);
                     }
                 }
-                ConnectionString_Set(new SqlConnectionPoolKey(value, _credential, _accessToken, _accessTokenCallback));
+                ConnectionString_Set(new SqlConnectionPoolKey(value, _credential, _accessToken, _accessTokenCallback, _sspiContextProviderFactory));
                 _connectionString = value;  // Change _connectionString value only after value is validated
                 CacheConnectionStringProperties();
             }
@@ -708,7 +709,7 @@ public string AccessToken
                 }
 
                 // Need to call ConnectionString_Set to do proper pool group check
-                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: value, accessTokenCallback: null));
+                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: value, accessTokenCallback: null, sspiContextProviderFactory: _sspiContextProviderFactory));
                 _accessToken = value;
             }
         }
@@ -731,11 +732,22 @@ public Func<SqlAuthenticationParameters, CancellationToken, Task<SqlAuthenticati
                     CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessTokenCallback((SqlConnectionString)ConnectionOptions);
                 }
 
-                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: null, accessTokenCallback: value));
+                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: null, accessTokenCallback: value, sspiContextProviderFactory: _sspiContextProviderFactory));
                 _accessTokenCallback = value;
             }
         }
 
+        /// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml' path='docs/members[@name="SqlConnection"]/SSPIContextProviderFactory/*' />
+        public Func<SSPIContextProvider> SSPIContextProviderFactory
+        {
+            get { return _sspiContextProviderFactory; }
+            set
+            {
+                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: null, accessTokenCallback: _accessTokenCallback, sspiContextProviderFactory: value));
+                _sspiContextProviderFactory = value;
+            }
+        }
+
         /// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml' path='docs/members[@name="SqlConnection"]/Database/*' />
         [ResDescription(StringsHelper.ResourceNames.SqlConnection_Database)]
         [ResCategory(StringsHelper.ResourceNames.SqlConnection_DataSource)]
@@ -1030,7 +1042,7 @@ public SqlCredential Credential
                 _credential = value;
 
                 // Need to call ConnectionString_Set to do proper pool group check
-                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, _credential, accessToken: _accessToken, accessTokenCallback: _accessTokenCallback));
+                ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, _credential, accessToken: _accessToken, accessTokenCallback: _accessTokenCallback, _sspiContextProviderFactory));
             }
         }
 
@@ -1078,7 +1090,7 @@ private void CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessToken(S
                 throw ADP.InvalidMixedUsageOfCredentialAndAccessToken();
             }
 
-            if(_accessTokenCallback != null)
+            if (_accessTokenCallback != null)
             {
                 throw ADP.InvalidMixedUsageOfAccessTokenAndTokenCallback();
             }
@@ -1100,7 +1112,7 @@ private void CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessTokenCa
                 throw ADP.InvalidMixedUsageOfAccessTokenCallbackAndAuthentication();
             }
 
-            if(_accessToken != null)
+            if (_accessToken != null)
             {
                 throw ADP.InvalidMixedUsageOfAccessTokenAndTokenCallback();
             }
@@ -2214,7 +2226,7 @@ public static void ChangePassword(string connectionString, string newPassword)
                     throw ADP.InvalidArgumentLength(nameof(newPassword), TdsEnums.MAXLEN_NEWPASSWORD);
                 }
 
-                SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential: null, accessToken: null, accessTokenCallback: null);
+                SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential: null, accessToken: null, accessTokenCallback: null, sspiContextProviderFactory: null);
 
                 SqlConnectionString connectionOptions = SqlConnectionFactory.FindSqlConnectionOptions(key);
                 if (connectionOptions.IntegratedSecurity)
@@ -2263,7 +2275,7 @@ public static void ChangePassword(string connectionString, SqlCredential credent
                     throw ADP.InvalidArgumentLength(nameof(newSecurePassword), TdsEnums.MAXLEN_NEWPASSWORD);
                 }
 
-                SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null);
+                SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null, sspiContextProviderFactory: null);
 
                 SqlConnectionString connectionOptions = SqlConnectionFactory.FindSqlConnectionOptions(key);
 
@@ -2302,7 +2314,7 @@ private static void ChangePassword(string connectionString, SqlConnectionString
                 if (con != null)
                     con.Dispose();
             }
-            SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null);
+            SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null, sspiContextProviderFactory: null);
 
             SqlConnectionFactory.SingletonInstance.ClearPool(key);
         }
 
@@ -95,7 +95,7 @@ override protected DbConnectionInternal CreateConnection(DbConnectionOptions opt
                         //       This first connection is established to SqlExpress to get the instance name
                         //       of the UserInstance.
                         SqlConnectionString sseopt = new SqlConnectionString(opt, opt.DataSource, userInstance: true, setEnlistValue: false);
-                        sseConnection = new SqlInternalConnectionTds(identity, sseopt, key.Credential, null, "", null, false, applyTransientFaultHandling: applyTransientFaultHandling);
+                        sseConnection = new SqlInternalConnectionTds(identity, sseopt, key.Credential, null, "", null, false, applyTransientFaultHandling: applyTransientFaultHandling, sspiContextProviderFactory: key.SSPIContextProviderFactory);
                         // NOTE: Retrieve <UserInstanceName> here. This user instance name will be used below to connect to the Sql Express User Instance.
                         instanceName = sseConnection.InstanceName;
 
@@ -135,7 +135,7 @@ override protected DbConnectionInternal CreateConnection(DbConnectionOptions opt
                 opt = new SqlConnectionString(opt, instanceName, userInstance: false, setEnlistValue: null);
                 poolGroupProviderInfo = null; // null so we do not pass to constructor below...
             }
-            return new SqlInternalConnectionTds(identity, opt, key.Credential, poolGroupProviderInfo, "", null, redirectedUserInstance, userOpt, recoverySessionData, applyTransientFaultHandling: applyTransientFaultHandling, key.AccessToken, pool, key.AccessTokenCallback);
+            return new SqlInternalConnectionTds(identity, opt, key.Credential, poolGroupProviderInfo, "", null, redirectedUserInstance, userOpt, recoverySessionData, applyTransientFaultHandling: applyTransientFaultHandling, key.AccessToken, pool, key.AccessTokenCallback, key.SSPIContextProviderFactory);
         }
 
         protected override DbConnectionOptions CreateConnectionOptions(string connectionString, DbConnectionOptions previous)
 
@@ -135,6 +135,7 @@ internal sealed class SqlInternalConnectionTds : SqlInternalConnection, IDisposa
         SqlFedAuthToken _fedAuthToken = null;
         internal byte[] _accessTokenInBytes;
         internal readonly Func<SqlAuthenticationParameters, CancellationToken, Task<SqlAuthenticationToken>> _accessTokenCallback;
+        internal readonly Func<SSPIContextProvider> _sspiContextProviderFactory;
 
         private readonly ActiveDirectoryAuthenticationTimeoutRetryHelper _activeDirectoryAuthTimeoutRetryHelper;
 
@@ -453,8 +454,8 @@ internal SqlInternalConnectionTds(
             bool applyTransientFaultHandling = false,
             string accessToken = null,
             DbConnectionPool pool = null,
-            Func<SqlAuthenticationParameters, CancellationToken,
-            Task<SqlAuthenticationToken>> accessTokenCallback = null) : base(connectionOptions)
+            Func<SqlAuthenticationParameters, CancellationToken, Task<SqlAuthenticationToken>> accessTokenCallback = null,
+            Func<SSPIContextProvider> sspiContextProviderFactory = null) : base(connectionOptions)
 
         {
 #if DEBUG
@@ -488,6 +489,7 @@ internal SqlInternalConnectionTds(
             }
 
             _accessTokenCallback = accessTokenCallback;
+            _sspiContextProviderFactory = sspiContextProviderFactory;
 
             _activeDirectoryAuthTimeoutRetryHelper = new ActiveDirectoryAuthenticationTimeoutRetryHelper();
 
 
@@ -407,7 +407,7 @@ internal void Connect(
             // AD Integrated behaves like Windows integrated when connecting to a non-fedAuth server
             if (integratedSecurity || authType == SqlAuthenticationMethod.ActiveDirectoryIntegrated)
             {
-                _authenticationProvider = _physicalStateObj.CreateSSPIContextProvider();
+                _authenticationProvider = Connection._sspiContextProviderFactory?.Invoke() ?? _physicalStateObj.CreateSSPIContextProvider();
                 SqlClientEventSource.Log.TryTraceEvent("TdsParser.Connect | SEC | SSPI or Active Directory Authentication Library loaded for SQL Server based integrated authentication");
             }
 
 
@@ -809,6 +809,8 @@ public SqlConnection(string connectionString, Microsoft.Data.SqlClient.SqlCreden
         [System.ComponentModel.BrowsableAttribute(false)]
         [System.ComponentModel.DesignerSerializationVisibilityAttribute(0)]
         public Microsoft.Data.SqlClient.SqlCredential Credential { get { throw null; } set { } }
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml' path='docs/members[@name="SqlConnection"]/SSPIContextProviderFactory/*' />
+        public System.Func<SSPIContextProvider> SSPIContextProviderFactory { get { throw null; } set { } }
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml' path='docs/members[@name="SqlConnection"]/Database/*'/>
         [System.ComponentModel.DesignerSerializationVisibilityAttribute(0)]
         public override string Database { get { throw null; } }
@@ -1952,6 +1954,12 @@ public sealed class SqlConfigurableRetryFactory
         /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConfigurableRetryFactory.xml' path='docs/members[@name="SqlConfigurableRetryFactory"]/CreateNoneRetryProvider/*' />
         public static SqlRetryLogicBaseProvider CreateNoneRetryProvider() { throw null; }
     }
+    /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SSPIContextProvider.xml' path='docs/members[@name="SSPIContextProvider"]/SSPIContextProvider/*'/>
+    public abstract class SSPIContextProvider
+    {
+        /// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SSPIContextProvider.xml' path='docs/members[@name="SSPIContextProvider"]/GenerateSspiClientContext/*'/>
+        protected abstract void GenerateSspiClientContext(System.ReadOnlySpan<byte> incomingBlob, System.Buffers.IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams);
+    }
 }
 namespace Microsoft.Data.SqlClient.Server
 {
Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,7 @@ private static readonly Dictionary<string, SqlColumnEncryptionKeyStoreProvider>`
`89`	`89`	`private IReadOnlyDictionary<string, SqlColumnEncryptionKeyStoreProvider> _customColumnEncryptionKeyStoreProviders;`
`90`	`90`
`91`	`91`	`private Func<SqlAuthenticationParameters, CancellationToken, Task<SqlAuthenticationToken>> _accessTokenCallback;`
	`92`	`+ private Func<SSPIContextProvider> _sspiContextProviderFactory;`
`92`	`93`
`93`	`94`	`internal bool HasColumnEncryptionKeyStoreProvidersRegistered =>`
`94`	`95`	`_customColumnEncryptionKeyStoreProviders is not null && _customColumnEncryptionKeyStoreProviders.Count > 0;`
`@@ -648,7 +649,7 @@ public override string ConnectionString`
`648`	`649`	`CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessTokenCallback(connectionOptions);`
`649`	`650`	`}`
`650`	`651`	`}`
`651`		`- ConnectionString_Set(new SqlConnectionPoolKey(value, _credential, _accessToken, _accessTokenCallback));`
	`652`	`+ ConnectionString_Set(new SqlConnectionPoolKey(value, _credential, _accessToken, _accessTokenCallback, _sspiContextProviderFactory));`
`652`	`653`	`_connectionString = value; // Change _connectionString value only after value is validated`
`653`	`654`	`CacheConnectionStringProperties();`
`654`	`655`	`}`
`@@ -708,7 +709,7 @@ public string AccessToken`
`708`	`709`	`}`
`709`	`710`
`710`	`711`	`// Need to call ConnectionString_Set to do proper pool group check`
`711`		`- ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: value, accessTokenCallback: null));`
	`712`	`+ ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: value, accessTokenCallback: null, sspiContextProviderFactory: _sspiContextProviderFactory));`
`712`	`713`	`_accessToken = value;`
`713`	`714`	`}`
`714`	`715`	`}`
`@@ -731,11 +732,22 @@ public Func<SqlAuthenticationParameters, CancellationToken, Task<SqlAuthenticati`
`731`	`732`	`CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessTokenCallback((SqlConnectionString)ConnectionOptions);`
`732`	`733`	`}`
`733`	`734`
`734`		`- ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: null, accessTokenCallback: value));`
	`735`	`+ ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: null, accessTokenCallback: value, sspiContextProviderFactory: _sspiContextProviderFactory));`
`735`	`736`	`_accessTokenCallback = value;`
`736`	`737`	`}`
`737`	`738`	`}`
`738`	`739`
	`740`	`+ /// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml' path='docs/members[@name="SqlConnection"]/SSPIContextProviderFactory/*' />`
	`741`	`+ public Func<SSPIContextProvider> SSPIContextProviderFactory`
	`742`	`+ {`
	`743`	`+ get { return _sspiContextProviderFactory; }`
	`744`	`+ set`
	`745`	`+ {`
	`746`	`+ ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, credential: _credential, accessToken: null, accessTokenCallback: _accessTokenCallback, sspiContextProviderFactory: value));`
	`747`	`+ _sspiContextProviderFactory = value;`
	`748`	`+ }`
	`749`	`+ }`
	`750`	`+`
`739`	`751`	`/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml' path='docs/members[@name="SqlConnection"]/Database/*' />`
`740`	`752`	`[ResDescription(StringsHelper.ResourceNames.SqlConnection_Database)]`
`741`	`753`	`[ResCategory(StringsHelper.ResourceNames.SqlConnection_DataSource)]`
`@@ -1030,7 +1042,7 @@ public SqlCredential Credential`
`1030`	`1042`	`_credential = value;`
`1031`	`1043`
`1032`	`1044`	`// Need to call ConnectionString_Set to do proper pool group check`
`1033`		`- ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, _credential, accessToken: _accessToken, accessTokenCallback: _accessTokenCallback));`
	`1045`	`+ ConnectionString_Set(new SqlConnectionPoolKey(_connectionString, _credential, accessToken: _accessToken, accessTokenCallback: _accessTokenCallback, _sspiContextProviderFactory));`
`1034`	`1046`	`}`
`1035`	`1047`	`}`
`1036`	`1048`
`@@ -1078,7 +1090,7 @@ private void CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessToken(S`
`1078`	`1090`	`throw ADP.InvalidMixedUsageOfCredentialAndAccessToken();`
`1079`	`1091`	`}`
`1080`	`1092`
`1081`		`- if(_accessTokenCallback != null)`
	`1093`	`+ if (_accessTokenCallback != null)`
`1082`	`1094`	`{`
`1083`	`1095`	`throw ADP.InvalidMixedUsageOfAccessTokenAndTokenCallback();`
`1084`	`1096`	`}`
`@@ -1100,7 +1112,7 @@ private void CheckAndThrowOnInvalidCombinationOfConnectionOptionAndAccessTokenCa`
`1100`	`1112`	`throw ADP.InvalidMixedUsageOfAccessTokenCallbackAndAuthentication();`
`1101`	`1113`	`}`
`1102`	`1114`
`1103`		`- if(_accessToken != null)`
	`1115`	`+ if (_accessToken != null)`
`1104`	`1116`	`{`
`1105`	`1117`	`throw ADP.InvalidMixedUsageOfAccessTokenAndTokenCallback();`
`1106`	`1118`	`}`
`@@ -2214,7 +2226,7 @@ public static void ChangePassword(string connectionString, string newPassword)`
`2214`	`2226`	`throw ADP.InvalidArgumentLength(nameof(newPassword), TdsEnums.MAXLEN_NEWPASSWORD);`
`2215`	`2227`	`}`
`2216`	`2228`
`2217`		`- SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential: null, accessToken: null, accessTokenCallback: null);`
	`2229`	`+ SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential: null, accessToken: null, accessTokenCallback: null, sspiContextProviderFactory: null);`
`2218`	`2230`
`2219`	`2231`	`SqlConnectionString connectionOptions = SqlConnectionFactory.FindSqlConnectionOptions(key);`
`2220`	`2232`	`if (connectionOptions.IntegratedSecurity)`
`@@ -2263,7 +2275,7 @@ public static void ChangePassword(string connectionString, SqlCredential credent`
`2263`	`2275`	`throw ADP.InvalidArgumentLength(nameof(newSecurePassword), TdsEnums.MAXLEN_NEWPASSWORD);`
`2264`	`2276`	`}`
`2265`	`2277`
`2266`		`- SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null);`
	`2278`	`+ SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null, sspiContextProviderFactory: null);`
`2267`	`2279`
`2268`	`2280`	`SqlConnectionString connectionOptions = SqlConnectionFactory.FindSqlConnectionOptions(key);`
`2269`	`2281`
`@@ -2302,7 +2314,7 @@ private static void ChangePassword(string connectionString, SqlConnectionString`
`2302`	`2314`	`if (con != null)`
`2303`	`2315`	`con.Dispose();`
`2304`	`2316`	`}`
`2305`		`- SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null);`
	`2317`	`+ SqlConnectionPoolKey key = new SqlConnectionPoolKey(connectionString, credential, accessToken: null, accessTokenCallback: null, sspiContextProviderFactory: null);`
`2306`	`2318`
`2307`	`2319`	`SqlConnectionFactory.SingletonInstance.ClearPool(key);`
`2308`	`2320`	`}`
Original file line number	Diff line number	Diff line change
`@@ -407,7 +407,7 @@ internal void Connect(`
`407`	`407`	`// AD Integrated behaves like Windows integrated when connecting to a non-fedAuth server`
`408`	`408`	`if (integratedSecurity \|\| authType == SqlAuthenticationMethod.ActiveDirectoryIntegrated)`
`409`	`409`	`{`
`410`		`- _authenticationProvider = _physicalStateObj.CreateSSPIContextProvider();`
	`410`	`+ _authenticationProvider = Connection._sspiContextProviderFactory?.Invoke() ?? _physicalStateObj.CreateSSPIContextProvider();`
`411`	`411`	`SqlClientEventSource.Log.TryTraceEvent("TdsParser.Connect \| SEC \| SSPI or Active Directory Authentication Library loaded for SQL Server based integrated authentication");`
`412`	`412`	`}`
`413`	`413`