[Foundation] Enable HTTP digest auth in NSUrlSessionHandler#25179
[Foundation] Enable HTTP digest auth in NSUrlSessionHandler#25179mandel-macaque wants to merge 1 commit intodotnet:mainfrom
Conversation
NSUrlSessionHandler was explicitly rejecting HTTP digest challenges by mapping NSURLAuthenticationMethodHTTPDigest to the internal reject sentinel. That meant iOS never answered digest auth challenges with configured credentials, while other supported auth schemes did. Handle digest challenges like other credential-backed auth methods so Credentials.GetCredential can return a NetworkCredential and the handler can respond with an NSUrlCredential. Add a System.Net.Http regression test covering successful and failed digest authentication, and add a shared httpbin helper for the digest auth endpoint. Local monotouch-test build validation was attempted, but this checkout is currently blocked by the expected Xcode installation and local build environment configuration.
|
@rolfbjarne I don't longer have sudo, you might need to create a branch for this to be able to run the CI. |
There was a problem hiding this comment.
Pull request overview
This PR updates NSUrlSessionHandler to support HTTP Digest authentication challenges (instead of explicitly rejecting them), and adds a regression test that validates Digest auth success/failure against httpbin.
Changes:
- Map
NSURLAuthenticationMethodHTTPDigestto a credential-backed auth type soCredentials.GetCredentialcan provide aNetworkCredential. - Add an httpbin URL helper for the Digest auth endpoint.
- Add a
System.Net.Httptest covering successful and unsuccessful Digest authentication.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
src/Foundation/NSUrlSessionHandler.cs |
Stops rejecting Digest challenges and treats them like other credential-backed schemes. |
tests/monotouch-test/System.Net.Http/NetworkResources.cs |
Adds GetDigestAuthUrl for httpbin’s digest-auth endpoint. |
tests/monotouch-test/System.Net.Http/MessageHandlers.cs |
Adds a regression test that exercises Digest authentication using NSUrlSessionHandler.Credentials. |
| var handler = new NSUrlSessionHandler () { | ||
| Credentials = new NetworkCredential (username, password, "") | ||
| }; | ||
|
|
||
| var client = new HttpClient (handler); | ||
|
|
||
| HttpStatusCode httpStatus = HttpStatusCode.NotFound; | ||
| var done = TestRuntime.TryRunAsync (TimeSpan.FromSeconds (30), async () => { | ||
| var result = await client.GetAsync (NetworkResources.Httpbin.GetDigestAuthUrl (validUsername, validPassword)); | ||
| httpStatus = result.StatusCode; |
There was a problem hiding this comment.
The test allocates NSUrlSessionHandler/HttpClient (and the HttpResponseMessage from GetAsync) without disposing them. In this test suite there are other tests that use using var for these types; not disposing can keep sockets/connections open longer than necessary and can lead to intermittent failures when many network tests run.
| if (!done) { | ||
| Assert.Inconclusive ("Request timedout."); | ||
| } else { | ||
| TestRuntime.IgnoreInCIIfBadNetwork (httpStatus); | ||
| Assert.IsNull (ex, "Exception not null"); | ||
| Assert.AreEqual (expectedStatus, httpStatus, "Status not ok"); |
There was a problem hiding this comment.
This test only calls TestRuntime.IgnoreInCIIfBadNetwork (httpStatus). If the request fails with an exception (DNS, timeout, connection reset, etc), httpStatus may remain the default and the exception won't be considered for CI ignore logic, making the new test unnecessarily flaky. Consider calling TestRuntime.IgnoreInCIIfBadNetwork (ex) (or using it in addition to the status-based overload) before asserting ex is null.
| }, out var ex); | ||
|
|
||
| if (!done) { | ||
| Assert.Inconclusive ("Request timedout."); |
There was a problem hiding this comment.
Typo/grammar: "timedout" should be "timed out" in the inconclusive message.
|
Recreated: #25180. |
NSUrlSessionHandler was explicitly rejecting HTTP digest challenges by mapping NSURLAuthenticationMethodHTTPDigest to the internal reject sentinel. That meant iOS never answered digest auth challenges with configured credentials, while other supported auth schemes did. Handle digest challenges like other credential-backed auth methods so Credentials.GetCredential can return a NetworkCredential and the handler can respond with an NSUrlCredential. Add a System.Net.Http regression test covering successful and failed digest authentication, and add a shared httpbin helper for the digest auth endpoint. Recreated from #25179 (by @mandel-macaque) to not use a fork. --------- Co-authored-by: Manuel de la Pena <mandel@themacaque.com> Co-authored-by: Manuel de la Pena <mandel@microsoft.com>
NSUrlSessionHandler was explicitly rejecting HTTP digest challenges by mapping NSURLAuthenticationMethodHTTPDigest to the internal reject sentinel. That meant iOS never answered digest auth challenges with configured credentials, while other supported auth schemes did.
Handle digest challenges like other credential-backed auth methods so Credentials.GetCredential can return a NetworkCredential and the handler can respond with an NSUrlCredential.
Add a System.Net.Http regression test covering successful and failed digest authentication, and add a shared httpbin helper for the digest auth endpoint.
Local monotouch-test build validation was attempted, but this checkout is currently blocked by the expected Xcode installation and local build environment configuration.