Description
Hi all,
@TingluoHuang and I (both MSFT employees) are working on updating our Azure Pipelines agent (AKA VSTS agent) to use .NET Core 2.1 (from 2.0). During our testing, we detected a regression in our config scenario against a TFS on-premises instance when a proxy that requires client authentication (like Fiddler) is used.
Our application has the ability to pass in the proxy information via configuration settings, which are then passed in to the .NET Core library to make HTTP requests. This works fine on .NET Core 2.0, but fails on 2.1 when using the default UseSocketsHttpHandler with the following error:
TF400813: Resource not available for anonymous access. Client authentication required.
We were able to work this issue around by falling back to using the legacy HTTP handler, by adding the following line to both our agent worker and listener:
AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);
I'm attaching a Fiddler trace as a reference: corefx.zip. Sessions 1-25 represent a failed config with the new HTTP handler, while sessions 27-52 represent a successful config with the old HTTP handler.
Let us know if you need more info from our side to find out the root cause of this issue.