SocketsHttpHandler: if server sends invalid NT auth challenge, don't continue processing #28704
Conversation
|
I tested locally using the HttpListener based loopback tests. |
|
@dotnet-bot test outerloop Linux x64 debug build |
Does that mean we have an existing test that failed and now passes with your PR? Or does it mean that you used those HttpListener tests and simulated some failure in the auth to demonstrate that the PR fixes the original issue reported? Is it then possible to add a new test to validate this fix? |
No, I just mean I ran the local HttpListener tests to validate that I didn't break them. I used the repro code from the linked issue to repro this and confirm the fix. Per comments there, an HttpListener repro is not possible, so I didn't try. |
| @@ -62,6 +62,11 @@ private static bool ProxySupportsConnectionAuth(HttpResponseMessage response) | |||
| while (true) | |||
| { | |||
| string challengeResponse = authContext.GetOutgoingBlob(challengeData); | |||
| if (challengeResponse == null) | |||
| { | |||
| // Server sent something invalid, so stop processing and return current response. | |||
There was a problem hiding this comment.
The server's response wasn't invalid. It indicated denial even after login. What was invalid was the following request with no data blob, which this new condition handles.
Fixes #28648
@Tratcher @stephentoub @davidsh @dotnet/ncl