From 2dd1a9885bf19514c5d8b53895ac61a91a1ee76e Mon Sep 17 00:00:00 2001
From: Brennan Conroy
Date: Mon, 10 Nov 2025 13:45:27 -0800
Subject: [PATCH] [release8/0] AppContext for HttpSys CBT hardening
---
 .../HttpSys/src/NativeInterop/UrlGroup.cs | 14 ++++++++++++++
 .../HttpSys/NativeInterop/HttpApiTypes.cs | 18 ++++++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/src/Servers/HttpSys/src/NativeInterop/UrlGroup.cs b/src/Servers/HttpSys/src/NativeInterop/UrlGroup.cs
index dbde24640ef5..b237d5979323 100644
--- a/src/Servers/HttpSys/src/NativeInterop/UrlGroup.cs
+++ b/src/Servers/HttpSys/src/NativeInterop/UrlGroup.cs
@@ -5,6 +5,7 @@
 using System.Runtime.InteropServices;
 using Microsoft.AspNetCore.HttpSys.Internal;
 using Microsoft.Extensions.Logging;
+using static Microsoft.AspNetCore.HttpSys.Internal.HttpApiTypes;
 namespace Microsoft.AspNetCore.Server.HttpSys;
@@ -16,6 +17,8 @@ internal sealed partial class UrlGroup : IDisposable
 Marshal.SizeOf();
 private static readonly int RequestPropertyInfoSize =
 Marshal.SizeOf();
+ private static readonly int ChannelBindInfoSize =
+ Marshal.SizeOf();
 private readonly ILogger _logger;
@@ -42,6 +45,17 @@ internal unsafe UrlGroup(ServerSession serverSession, RequestQueue requestQueue,
 Debug.Assert(urlGroupId != 0, "Invalid id returned by HttpCreateUrlGroup");
 Id = urlGroupId;
+
+ if (AppContext.TryGetSwitch("Microsoft.AspNetCore.Server.HttpSys.EnableCBTHardening", out var enabled) && enabled)
+ {
+ var channelBindingSettings = new HTTP_CHANNEL_BIND_INFO
+ {
+ Hardening = HTTP_AUTHENTICATION_HARDENING_LEVELS.HttpAuthenticationHardeningMedium,
+ ServiceNames = IntPtr.Zero,
+ NumberOfServiceNames = 0,
+ };
+ SetProperty(HTTP_SERVER_PROPERTY.HttpServerChannelBindProperty, new(&channelBindingSettings), (uint)ChannelBindInfoSize);
+ }
 }
 internal ulong Id { get; private set; }
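Review bot: In the third hunk (the `UrlGroup` constructor), the new block hard-codes `HttpAuthenticationHardeningMedium` with `Flags` left at its default and no service names, and nothing in the code says what protection that combination actually provides. As HTTP.sys documents the levels, Medium validates a channel binding token when the client sends one but still serves clients that send none, so the switch name `EnableCBTHardening` can read as stronger than it is; a comment such as `// Medium: CBT is verified when the client supplies it; clients that send no CBT are still accepted (Strict would reject them).` would make that explicit. The switch name is an inline string literal, so a `private const string` beside `ChannelBindInfoSize` would keep it discoverable, and a debug log line when the property is applied would let operators confirm the opt-in took effect. How `SetProperty` reports a failure is not visible in this hunk, so whether a rejected property aborts startup or is silently ignored should be checked against its definition. The constructor begins before the hunk.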
diff --git a/src/Shared/HttpSys/NativeInterop/HttpApiTypes.cs b/src/Shared/HttpSys/NativeInterop/HttpApiTypes.cs
index a0a35eaaa6a5..0df53e34fd25 100644
--- a/src/Shared/HttpSys/NativeInterop/HttpApiTypes.cs
+++ b/src/Shared/HttpSys/NativeInterop/HttpApiTypes.cs
@@ -2,8 +2,6 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
-using System;
-using System.Collections.Generic;
 using System.Runtime.InteropServices;
 using System.Security.Authentication;
 using Microsoft.AspNetCore.Http;
@@ -654,6 +652,22 @@ internal struct HTTP_BINDING_INFO
 internal IntPtr RequestQueueHandle;
 }
+ internal enum HTTP_AUTHENTICATION_HARDENING_LEVELS
+ {
+ HttpAuthenticationHardeningLegacy = 0,
+ HttpAuthenticationHardeningMedium,
+ HttpAuthenticationHardeningStrict
+ }
+
+ [StructLayout(LayoutKind.Sequential)]
+ internal struct HTTP_CHANNEL_BIND_INFO
+ {
+ internal HTTP_AUTHENTICATION_HARDENING_LEVELS Hardening;
+ internal uint Flags;
+ internal /*PHTTP_SERVICE_BINDING_BASE**/ IntPtr ServiceNames;
+ internal uint NumberOfServiceNames;
+ }
+
 [StructLayout(LayoutKind.Sequential)]
 internal struct HTTP_CONNECTION_LIMIT_INFO
 {
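Review bot: In the second hunk of HttpApiTypes.cs, `HTTP_AUTHENTICATION_HARDENING_LEVELS` relies on implicit numbering for its `Medium` and `Strict` members, although these values are handed to HTTP.sys and have to match the native enum. Writing them out, `HttpAuthenticationHardeningMedium = 1,` and `HttpAuthenticationHardeningStrict = 2`, keeps a later reorder or insertion from silently changing the hardening level that is sent. `HTTP_CHANNEL_BIND_INFO.Flags` is a bare `uint` with no comment, so a reader cannot tell which bits are valid or what leaving it at 0 means for service-name checking; a one-line comment naming the native `HTTP_CHANNEL_BIND_*` flag constants would close that gap.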