Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

[release/2.1] Fix windows auth when we receive a 401 after auth completes #32243

Merged
merged 2 commits into from
Sep 13, 2018
Merged

[release/2.1] Fix windows auth when we receive a 401 after auth completes #32243

merged 2 commits into from
Sep 13, 2018

Conversation

@davidsh
Copy link
Contributor

@davidsh davidsh commented Sep 11, 2018
edited by karelz
Loading

PR #31589 (2.1.5) introduced a regression in the case where we receive another 401 after Windows auth completes
(this is caused by the user being successfully authenticated, but not authorized to access the specified
resource). We were incorrectly draining the response in this case. As a result, the user would receive
a disposed response and eventually throw an ObjectDisposedException.

The fix is to adjust the logic here where we only drain if we know we are going to send another request
for the rest of the Windows auth (Negotiate/NTLM) challenge-response handshake.

Add new unit test for Windows auth scenario.

@geoffkizer @davidsh
Fix windows auth when we receive a 401 after auth completes
bd47e4e 
PR #31589 introduced a regression in the case where we receive another 401 after Windows auth completes
(this is caused by the user being successfully authenticated, but not authorized to access the specified
resource). We were incorrectly draining the response in this case. As a result, the user would receive
a disposed response and eventually throw an ObjectDisposedException.

The fix is to adjust the logic here where we only drain if we know we are going to send another request
for the rest of the Windows auth (Negotiate/NTLM) challenge-response handshake.

Add new unit test for Windows auth scenario.
@davidsh davidsh added tenet-compatibility Incompatibility with previous versions or .NET Framework area-System.Net.Http.SocketsHttpHandler labels Sep 11, 2018
@davidsh davidsh added this to the 2.1.x milestone Sep 11, 2018
@davidsh davidsh self-assigned this Sep 11, 2018
@davidsh
Copy link
Contributor Author

davidsh commented Sep 11, 2018
edited
Loading

Shiproom template

Description

Receiving another 401 after Windows auth completes (this is caused by the user being successfully authenticated, but not authorized to access the specified resource) is resulting in an incorrect ObjectDisposedException being thrown due to incorrectly draining the response stream. This is causing HTTP requests to fail.

The fix is to adjust the logic so that we only drain the response stream if we know we are going to send another request for the rest of the Windows auth (Negotiate/NTLM) challenge-response handshake.

Customer Impact

HTTP requests that successfully authenticate but are unauthorized for the particular resource will throw ObjectDisposedException instead of returning a normal HttpResponseMessage with 401 status code. This already has broken ASP.NET scenarios.

Regression?

Regression from 2.1.4

Packaging reviewed?

N/A. System.Net.Http.dll is not built as a separate package.

Risk

Low. Added new unit tests to verify scenario with Windows authentication.

Link to issue

#32143

@davidsh
Skip test on nano server
04183cf 
HttpListener isn't supported on NanoServer sku since http.sys is not present.
@davidsh
Copy link
Contributor Author

davidsh commented Sep 12, 2018

@dotnet-bot test Outerloop Windows x64 Debug Build
@dotnet-bot test Outerloop Linux x64 Debug Build
@dotnet-bot test Outerloop NETFX x86 Debug Build
@dotnet-bot test Outerloop UWP CoreCLR x64 Debug Build
@dotnet-bot test Outerloop OSX x64 Debug Build

@davidsh davidsh requested a review from geoffkizer September 12, 2018 01:57
@geoffkizer
Copy link

geoffkizer commented Sep 12, 2018

LGTM

@davidsh
Copy link
Contributor Author

davidsh commented Sep 12, 2018

Failures in CI unrelated to PR.

@danmoseley danmoseley added the Servicing-consider Issue for next servicing release review label Sep 12, 2018
@jamshedd jamshedd added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Sep 13, 2018
@jamshedd
Copy link
Member

jamshedd commented Sep 13, 2018

Approved for 2.1.5.

@davidsh davidsh merged commit be79afd into dotnet:release/2.1 Sep 13, 2018
@davidsh davidsh deleted the port_32143_21branch branch September 13, 2018 16:42
@danmoseley danmoseley modified the milestones: 2.1.x, 2.1.5 Sep 13, 2018
@danmoseley danmoseley added Servicing-approved Approved for servicing release and removed Servicing-approved Approved for servicing release labels Sep 13, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@geoffkizer geoffkizer Awaiting requested review from geoffkizer

Assignees

@davidsh davidsh

Labels

Servicing-approved Approved for servicing release tenet-compatibility Incompatibility with previous versions or .NET Framework

Projects

None yet

Milestone

2.1.5

Development

Successfully merging this pull request may close these issues.

4 participants

@davidsh @geoffkizer @jamshedd @danmoseley