Stop splitting the UPN credential into username and domain parts unless specified

src/System.ServiceModel.Primitives/src/System/ServiceModel/Security/SecurityUtils.cs

@@ -201,6 +201,8 @@ internal static partial class SecurityUtils
         public const string Principal = "Principal";
         private static IIdentity s_anonymousIdentity;
         private static X509SecurityTokenAuthenticator s_nonValidatingX509Authenticator;
+        internal const string EnableLegacyUpnUsernameFixString = "Switch.System.ServiceModel.EnableLegacyUpnUsernameFix";
+        internal static bool s_enableLegacyUpnUsernameFix = AppContext.TryGetSwitch(EnableLegacyUpnUsernameFixString, out bool enabled) && enabled;
 
         internal static string GetSpnFromIdentity(EndpointIdentity identity, EndpointAddress target)
         {
@@ -932,6 +934,11 @@ public static SecurityBindingElement GetIssuerSecurityBindingElement(ServiceMode
         }
 
         internal static void FixNetworkCredential(ref NetworkCredential credential)
+        {
+            FixNetworkCredential(ref credential, s_enableLegacyUpnUsernameFix);
+        }
+
+        internal static void FixNetworkCredential(ref NetworkCredential credential, bool enableLegacyUpnUsernameFix)
         {
             if (credential == null)
             {
@@ -952,7 +959,7 @@ internal static void FixNetworkCredential(ref NetworkCredential credential)
                         credential = new NetworkCredential(partsWithSlashDelimiter[1], credential.Password, partsWithSlashDelimiter[0]);
                     }
                 }
-                else if (partsWithSlashDelimiter.Length == 1 && partsWithAtDelimiter.Length == 2)
+                else if (enableLegacyUpnUsernameFix && partsWithSlashDelimiter.Length == 1 && partsWithAtDelimiter.Length == 2)
                 {
                     if (!string.IsNullOrEmpty(partsWithAtDelimiter[0]) && !string.IsNullOrEmpty(partsWithAtDelimiter[1]))
                     {

src/System.ServiceModel.Primitives/tests/Security/SecurityUtilsTest.cs

@@ -0,0 +1,48 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System;
+using System.Net;
+using System.Reflection;
+using System.ServiceModel.Security;
+using Infrastructure.Common;
+using Xunit;
+
+public static class SecurityUtilsTest
+{
+    [WcfFact]
+    public static void FixNetworkCredential_AppContext_EnableLegacyUpnUsernameFix()
+    {
+        Type t = Assembly.GetAssembly(typeof(WindowsClientCredential))
+                            .GetType(typeof(WindowsClientCredential).Namespace + ".SecurityUtils");
+
+        MethodInfo method = t.GetMethod("FixNetworkCredential", BindingFlags.NonPublic | BindingFlags.Static,
+            null, new[] { typeof(NetworkCredential).MakeByRefType() }, null);
+
+        //switch on
+        var credential = new NetworkCredential("[email protected]", "password");
+        var parameters = new object[] { credential };
+        AppContext.SetSwitch("Switch.System.ServiceModel.EnableLegacyUpnUsernameFix", true);
+        method.Invoke(null, parameters);
+
+        credential = (NetworkCredential)parameters[0];
+        Assert.NotNull(credential);
+        Assert.Equal("user", credential.UserName);
+        Assert.Equal("password", credential.Password);
+        Assert.Equal("domain.com", credential.Domain);
+
+        //switch off
+        FieldInfo f = t.GetField("s_enableLegacyUpnUsernameFix", BindingFlags.Static | BindingFlags.NonPublic);
+        f.SetValue(t, false);
+        credential = new NetworkCredential("[email protected]", "password");
+        parameters = new object[] { credential };
+        method.Invoke(null, parameters);
+
+        credential = (NetworkCredential)parameters[0];
+        Assert.NotNull(credential);
+        Assert.Equal("[email protected]", credential.UserName);
+        Assert.Equal("password", credential.Password);
+        Assert.Equal(string.Empty, credential.Domain);
+    }
+}