restsharp · haacked · Nov 1, 2013 · Oct 30, 2013 · Oct 30, 2013 · Oct 31, 2013
diff --git a/RestSharp.IntegrationTests/Helpers/SimpleServer.cs b/RestSharp.IntegrationTests/Helpers/SimpleServer.cs
@@ -10,9 +10,14 @@ public class SimpleServer : IDisposable
 		readonly Action<HttpListenerContext> _handler;
 		Thread _processor;
 
-		public static SimpleServer Create(string url, Action<HttpListenerContext> handler)
+		public static SimpleServer Create(string url, Action<HttpListenerContext> handler, AuthenticationSchemes authenticationSchemes = AuthenticationSchemes.Anonymous)
 		{
-			var server = new SimpleServer(new HttpListener { Prefixes = { url } }, handler);
+			var listener = new HttpListener
+			{
+				Prefixes = { url },
+				AuthenticationSchemes = authenticationSchemes
+			};
+			var server = new SimpleServer(listener, handler);
 			server.Start();
 			return server;
 		}

diff --git a/RestSharp.IntegrationTests/RequestHeadTests.cs b/RestSharp.IntegrationTests/RequestHeadTests.cs
@@ -0,0 +1,98 @@
+using System.Collections.Specialized;
+using System.Linq;
+using System.Net;
+using RestSharp.IntegrationTests.Helpers;
+using Xunit;
+
+namespace RestSharp.IntegrationTests
+{
+    public class RequestHeadTests
+    {
+        private const string BASE_URL = "http://localhost:8080/";
+
+        public RequestHeadTests()
+        {
+            RequestHeadCapturer.Initialize();
+        }
+
+        [Fact]
+        public void Does_Not_Pass_Default_Credentials_When_Server_Does_Not_Negotiate()
+        {
+            const Method httpMethod = Method.GET;
+            using (SimpleServer.Create(BASE_URL, Handlers.Generic<RequestHeadCapturer>()))
+            {
+                var client = new RestClient(BASE_URL);
+                var request = new RestRequest(RequestHeadCapturer.RESOURCE, httpMethod)
+                {
+                    UseDefaultCredentials = true
+                };
+
+                client.Execute(request);
+
+                Assert.NotNull(RequestHeadCapturer.CapturedHeaders);
+                var keys = RequestHeadCapturer.CapturedHeaders.Keys.Cast<string>().ToArray();
+                Assert.False(keys.Contains("Authorization"), "Authorization header was present in HTTP request from client, even though server does not use the Negotiate scheme");
+            }
+        }
+
+        [Fact]
+        public void Passes_Default_Credentials_When_UseDefaultCredentials_Is_True()
+        {
+            const Method httpMethod = Method.GET;
+            using (SimpleServer.Create(BASE_URL, Handlers.Generic<RequestHeadCapturer>(), AuthenticationSchemes.Negotiate))
+            {
+                var client = new RestClient(BASE_URL);
+                var request = new RestRequest(RequestHeadCapturer.RESOURCE, httpMethod)
+                {
+                    UseDefaultCredentials = true
+                };
+
+                var response = client.Execute(request);
+
+                Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+                Assert.NotNull(RequestHeadCapturer.CapturedHeaders);
+                var keys = RequestHeadCapturer.CapturedHeaders.Keys.Cast<string>().ToArray();
+                Assert.True(keys.Contains("Authorization"), "Authorization header not present in HTTP request from client, even though UseDefaultCredentials = true");
+            }
+        }
+
+        [Fact]
+        public void Does_Not_Pass_Default_Credentials_When_UseDefaultCredentials_Is_False()
+        {
+            const Method httpMethod = Method.GET;
+            using (SimpleServer.Create(BASE_URL, Handlers.Generic<RequestHeadCapturer>(), AuthenticationSchemes.Negotiate))
+            {
+                var client = new RestClient(BASE_URL);
+                var request = new RestRequest(RequestHeadCapturer.RESOURCE, httpMethod)
+                {
+                    // UseDefaultCredentials is currently false by default, but to make the test more robust in case that ever
+                    // changes, it's better to explicitly set it here.
+                    UseDefaultCredentials = false
+                };
+
+                var response = client.Execute(request);
+
+                Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+                Assert.Null(RequestHeadCapturer.CapturedHeaders);
+            }
+        }
+
+        private class RequestHeadCapturer
+        {
+            public const string RESOURCE = "Capture";
+
+            public static NameValueCollection CapturedHeaders { get; set; }
+
+            public static void Initialize()
+            {
+                CapturedHeaders = null;
+            }
+
+            public static void Capture(HttpListenerContext context)
+            {
+                var request = context.Request;
+                CapturedHeaders = request.Headers;
+            }
+        }
+    }
+}
diff --git a/RestSharp.IntegrationTests/RestSharp.IntegrationTests.csproj b/RestSharp.IntegrationTests/RestSharp.IntegrationTests.csproj
@@ -76,6 +76,7 @@
     <Compile Include="Helpers\SimpleServer.cs" />
     <Compile Include="RequestBodyTests.cs" />
     <Compile Include="StatusCodeTests.cs" />
+    <Compile Include="RequestHeadTests.cs" />
   </ItemGroup>
   <ItemGroup>
     <Content Include="Assets\Koala.jpg">

diff --git a/RestSharp/Http.Async.cs b/RestSharp/Http.Async.cs
@@ -350,14 +350,16 @@ partial void AddAsyncHeaderActions()
 #endif
 		}
 
+		// TODO: Try to merge the shared parts between ConfigureWebRequest and ConfigureAsyncWebRequest (quite a bit of code
+		// TODO: duplication at the moment).
 		private HttpWebRequest ConfigureAsyncWebRequest(string method, Uri url)
 		{
 #if SILVERLIGHT
 			WebRequest.RegisterPrefix("http://", WebRequestCreator.ClientHttp);
 			WebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp);
 #endif
 			var webRequest = (HttpWebRequest)WebRequest.Create(url);
-			webRequest.UseDefaultCredentials = false;
+			webRequest.UseDefaultCredentials = UseDefaultCredentials;
 
 			AppendHeaders(webRequest);
 			AppendCookies(webRequest);

diff --git a/RestSharp/Http.Sync.cs b/RestSharp/Http.Sync.cs
@@ -212,10 +212,12 @@ private void WriteRequestBody(HttpWebRequest webRequest)
 			}
 		}
 
+		// TODO: Try to merge the shared parts between ConfigureWebRequest and ConfigureAsyncWebRequest (quite a bit of code
+		// TODO: duplication at the moment).
 		private HttpWebRequest ConfigureWebRequest(string method, Uri url)
 		{
 			var webRequest = (HttpWebRequest)WebRequest.Create(url);
-			webRequest.UseDefaultCredentials = false;
+			webRequest.UseDefaultCredentials = UseDefaultCredentials;
 			ServicePointManager.Expect100Continue = false;
 
 			AppendHeaders(webRequest);

diff --git a/RestSharp/Http.cs b/RestSharp/Http.cs
@@ -135,6 +135,12 @@ protected bool HasFiles
 		/// </summary>
 		public int? MaxRedirects { get; set; }
 #endif
+		/// <summary>
+		/// Determine whether or not the "default credentials" (e.g. the user account under which the current process is running)
+		/// will be sent along to the server.
+		/// </summary>
+		public bool UseDefaultCredentials { get; set; }
+
 		/// <summary>
 		/// HTTP headers to be sent with request
 		/// </summary>

diff --git a/RestSharp/IHttp.cs b/RestSharp/IHttp.cs
@@ -42,6 +42,7 @@ public interface IHttp
 		X509CertificateCollection ClientCertificates { get; set; }
 		int? MaxRedirects { get; set; }
 #endif
+		bool UseDefaultCredentials { get; set; }
 
 		IList<HttpHeader> Headers { get; }
 		IList<HttpParameter> Parameters { get; }

diff --git a/RestSharp/IRestRequest.cs b/RestSharp/IRestRequest.cs
@@ -118,6 +118,12 @@ public interface IRestRequest
 		/// </remarks>
 		int Attempts { get; }
 
+		/// <summary>
+		/// Determine whether or not the "default credentials" (e.g. the user account under which the current process is running)
+		/// will be sent along to the server. The default is false.
+		/// </summary>
+		bool UseDefaultCredentials { get; set; }
+
 #if FRAMEWORK
 		/// <summary>
 		/// Adds a file to the Files collection to be included with a POST or PUT request 

diff --git a/RestSharp/RestClient.cs b/RestSharp/RestClient.cs
@@ -158,7 +158,7 @@ IDeserializer GetHandler(string contentType)
 
 		/// <summary>
 		/// Proxy to use for requests made by this client instance.
-		/// Passed on to underying WebRequest if set.
+		/// Passed on to underlying WebRequest if set.
 		/// </summary>
 		public IWebProxy Proxy { get; set; }
 #endif
@@ -295,11 +295,11 @@ private string EncodeParameters(IRestRequest request, IEnumerable<Parameter> par
 		private void ConfigureHttp(IRestRequest request, IHttp http)
 		{
 			http.AlwaysMultipartFormData = request.AlwaysMultipartFormData;
+			http.UseDefaultCredentials = request.UseDefaultCredentials;
+			http.ResponseWriter = request.ResponseWriter;
 
 			http.CookieContainer = CookieContainer;
 
-			http.ResponseWriter = request.ResponseWriter;
-
 			// move RestClient.DefaultParameters into Request.Parameters
 			foreach (var p in DefaultParameters)
 			{

diff --git a/RestSharp/RestRequest.cs b/RestSharp/RestRequest.cs
@@ -51,6 +51,12 @@ public class RestRequest : IRestRequest
 		/// </summary>
 		public Action<Stream> ResponseWriter { get; set; }
 
+		/// <summary>
+		/// Determine whether or not the "default credentials" (e.g. the user account under which the current process is running)
+		/// will be sent along to the server. The default is false.
+		/// </summary>
+		public bool UseDefaultCredentials { get; set; }
+
 		/// <summary>
 		/// Default constructor
 		/// </summary>