Proxy-Support header case sensitive causes proxied API failure when using HttpClient

[ChrisFWood]

I've been looking into an issue where access to a API work via PowerShell but doesn't via HttpClient.

The diagnostic output logs "Proxy doesn't support connection-based auth" and looking it to that appear to be proxy requires the header "Proxy-Support" with the value "Session-Based-Authentication".

runtime/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs

Line 64 in e64cce6

if (v == "Session-Based-Authentication")

However the API in question has the "Proxy-Support" with the value "Session-based-authentication" a simple case change. While I can accept the specification for the proxy support header may specify the value with an exact case, following this means dotnet apps will not work with some API, and other implementations do not enforce the casing.

Suggested fix would be to make the check case insensitive.

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

---

I've been looking into an issue where access to a API work via PowerShell but doesn't via HttpClient.

The diagnostic output logs "Proxy doesn't support connection-based auth" and looking it to that appear to be proxy requires the header "Proxy-Support" with the value "Session-Based-Authentication".

runtime/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs

Line 64 in e64cce6

if (v == "Session-Based-Authentication")

However the API in question has the "Proxy-Support" with the value "Session-based-authentication" a simple case change. While I can accept the specification for the proxy support header may specify the value with an exact case, following this means dotnet apps will not work with some API, and other implementations do not enforce the casing.

Suggested fix would be to make the check case insensitive.

Author:	ChrisFWood
Assignees:	-
Labels:	area-System.Net.Http, untriaged
Milestone:	-

[geoffkizer]

RFC here: https://datatracker.ietf.org/doc/html/rfc4559

As you can see, it's rather brief and doesn't actually say whether the value is case sensitive or not.

Since there are servers out there that seem to assume it's case-insenstive, we should probably do the same.

[ChrisFWood]

I don't appear to be able to assign myself to this but I don't mind creating a pull request for this.