Merge pull request #2463 from davidsh/proxyauthfix

davidsh · davidsh · commit e6ef08008d8e · 2015-07-23T17:00:23.000-07:00
Fix proxy authentication handling during redirects
diff --git a/src/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs b/src/System.Net.Http.WinHttpHandler/src/System/Net/Http/WinHttpHandler.cs
@@ -717,6 +717,17 @@ private static void WinHttpStatusCallback(
                     }
 
                     state.RequestMessage.RequestUri = redirectUri;
+                    
+                    // Redirection to a new uri may require a new connection through a potentially different proxy.
+                    // If so, we will need to respond to additional 407 proxy auth demands and re-attach any
+                    // proxy credentials. The ProcessResponse() method looks at the state.LastStatusCode
+                    // before attaching proxy credentials and marking the HTTP request to be re-submitted.
+                    // So we need to reset the LastStatusCode remembered. Otherwise, it will see additional 407
+                    // responses as an indication that proxy auth failed and won't retry the HTTP request.
+                    if (state.LastStatusCode == HttpStatusCode.ProxyAuthenticationRequired)
+                    {
+                        state.LastStatusCode = 0;
+                    }
 
                     // For security reasons, we drop the server credential if it is a 
                     // NetworkCredential.  But we allow credentials in a CredentialCache
@@ -1147,14 +1158,13 @@ private async void StartRequest(object obj)
 
                 uint proxyAuthScheme = 0;
                 uint serverAuthScheme = 0;
-                HttpStatusCode lastStatusCode = 0;
                 bool retryRequest = false;
 
                 do
                 {
                     state.CancellationToken.ThrowIfCancellationRequested();
 
-                    PreAuthenticateRequest(state, requestHandle, proxyAuthScheme, ref lastStatusCode);
+                    PreAuthenticateRequest(state, requestHandle, proxyAuthScheme);
 
                     // Send a request.
                     if (!Interop.WinHttp.WinHttpSendRequest(
@@ -1211,7 +1221,6 @@ await state.RequestMessage.Content.CopyToAsync(
                             requestHandle,
                             ref proxyAuthScheme,
                             ref serverAuthScheme,
-                            ref lastStatusCode,
                             out retryRequest);
                     }
                 } while (retryRequest);
@@ -1276,7 +1285,6 @@ private void ProcessResponse(
             SafeWinHttpHandle requestHandle,
             ref uint proxyAuthScheme,
             ref uint serverAuthScheme,
-            ref HttpStatusCode lastStatusCode,
             out bool retryRequest)
         {
             retryRequest = false;
@@ -1293,14 +1301,14 @@ private void ProcessResponse(
             switch (statusCode)
             {
                 case HttpStatusCode.Unauthorized:
-                    if (state.ServerCredentials == null || lastStatusCode == HttpStatusCode.Unauthorized)
+                    if (state.ServerCredentials == null || state.LastStatusCode == HttpStatusCode.Unauthorized)
                     {
                         // Either we don't have server credentials or we already tried 
                         // to set the credentials and it failed before.
                         // So we will let the 401 be the final status code returned.
                         break;
                     }
-                    lastStatusCode = statusCode;
+                    state.LastStatusCode = statusCode;
 
                     // Determine authorization scheme to use. We ignore the firstScheme
                     // parameter which is included in the supportedSchemes flags already.
@@ -1337,12 +1345,12 @@ private void ProcessResponse(
                     break;
 
                 case HttpStatusCode.ProxyAuthenticationRequired:
-                    if (lastStatusCode == HttpStatusCode.ProxyAuthenticationRequired)
+                    if (state.LastStatusCode == HttpStatusCode.ProxyAuthenticationRequired)
                     {
                         // We tried already to set the credentials.
                         break;
                     }
-                    lastStatusCode = statusCode;
+                    state.LastStatusCode = statusCode;
 
                     // Determine authorization scheme to use. We ignore the firstScheme
                     // parameter which is included in the supportedSchemes flags already.
@@ -1381,8 +1389,7 @@ private void ProcessResponse(
         private void PreAuthenticateRequest(
             RequestState state,
             SafeWinHttpHandle requestHandle,
-            uint proxyAuthScheme,
-            ref HttpStatusCode lastStatusCode)
+            uint proxyAuthScheme)
         {
             // Set proxy credentials if we have them.
             // If a proxy authentication challenge was responded to, reset
@@ -1416,7 +1423,7 @@ private void PreAuthenticateRequest(
                         state.RequestMessage.RequestUri,
                         authScheme,
                         Interop.WinHttp.WINHTTP_AUTH_TARGET_SERVER);
-                    lastStatusCode = HttpStatusCode.Unauthorized; // Remember we already set the creds.
+                    state.LastStatusCode = HttpStatusCode.Unauthorized; // Remember we already set the creds.
                 }
             }
         }
@@ -2151,6 +2158,8 @@ public Func<
             public IWebProxy Proxy { get; set; }
 
             public ICredentials ServerCredentials { get; set; }
+            
+            public HttpStatusCode LastStatusCode { get; set; }
         }
     }
 }
