Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Ignore DefaultCredentials when doing Basic & Digest auth in SocketsHttpHandler #113728

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Apr 10, 2025
Merged

Ignore DefaultCredentials when doing Basic & Digest auth in SocketsHttpHandler #113728

merged 17 commits into from
Apr 10, 2025
+39 −1

Conversation

makazeu
Copy link
Contributor

@makazeu makazeu commented Mar 20, 2025

Fixes #113145.

As described in #113145 (comment)

@Copilot Copilot AI review requested due to automatic review settings March 20, 2025 13:13
@ghost ghost added the area-System.Net.Http label Mar 20, 2025
@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Mar 20, 2025
Copilot
Copilot AI reviewed Mar 20, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR prevents Basic authentication from mistakenly using DefaultCredentials in SocketsHttpHandler.

  • Adds a conditional check in the Basic authentication case to skip processing when DefaultCredentials is used.
  • Enhances the authentication handling by ensuring only supported credential types are processed in Basic auth.
Comments suppressed due to low confidence (1)

src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.cs:269

  • [nitpick] Consider verifying that the variable name 'credentials' is consistent with other parts of the code where a similar credential is referred to as 'credential'. If applicable, renaming it for consistency may help reduce confusion.
if (CredentialCache.DefaultCredentials == credentials)

@makazeu
Copy link
Contributor Author

makazeu commented Mar 20, 2025

cc @MihaZupan

@MihaZupan
Copy link
Member

Can you please add a test that validates the new behavior?
Default credentials are set, 401 response, only 1 request is made

This was referenced Mar 20, 2025
Open
Open
Open
@build-analysis build-analysis bot mentioned this pull request Mar 21, 2025
Open
@makazeu makazeu changed the title Ignore DefaultCredentials when doing BasicAuth in SocketsHttpHandler Ignore DefaultCredentials when doing Basic & Digest auth in SocketsHttpHandler Mar 22, 2025
@makazeu makazeu requested a review from wfurt March 22, 2025 15:40
@build-analysis build-analysis bot mentioned this pull request Mar 22, 2025
Open
MihaZupan
MihaZupan approved these changes Apr 8, 2025
View reviewed changes
Copy link
Member

@MihaZupan MihaZupan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you

makazeu added 2 commits April 10, 2025 11:27
@makazeu
Refactor SocketsHttpHandler test to use Theory for authentication types
32c66a2 
Updated the SocketsHttpHandler_UseDefaultCredentials test to utilize [Theory] and [InlineData] attributes, allowing for testing with both Basic and Digest authentication types.
@makazeu
Merge branch 'main' into ignore-defaultcredentials-in-basicauth
c69ce72
@makazeu makazeu requested a review from MihaZupan April 10, 2025 04:42
@build-analysis build-analysis bot mentioned this pull request Apr 10, 2025
Closed
wfurt
wfurt approved these changes Apr 10, 2025
View reviewed changes
Copy link
Member

@wfurt wfurt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. thans @makazeu

@wfurt wfurt merged commit d291f3a into dotnet:main Apr 10, 2025
83 of 86 checks passed
@makazeu makazeu deleted the ignore-defaultcredentials-in-basicauth branch April 10, 2025 09:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@wfurt wfurt wfurt approved these changes

@MihaZupan MihaZupan Awaiting requested review from MihaZupan

Assignees
No one assigned
Labels
area-System.Net.Http community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SocketsHttpHandler retries with useless "Authorization" header when SystemNetworkCredential is in use
3 participants
@makazeu @MihaZupan @wfurt