[Mono-bugs] [Bug 549391] New: Expired Nonce during HTTP RFC 2617 Authentication not handled properly.

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Thu Oct 22 17:40:50 EDT 2009


           Summary: Expired Nonce during HTTP RFC 2617 Authentication not
                    handled properly.
    Classification: Mono
           Product: Mono: Class Libraries
           Version: 2.4.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Sys.Web
        AssignedTo: mhabersack at novell.com
        ReportedBy: david.mcdaniel at wolfnet.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---

Created an attachment (id=323829)
 --> (http://bugzilla.novell.com/attachment.cgi?id=323829)
Capture of HTTP Headers and an expired nonce.

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)

When receiving a forced expired nonce from a server the Mono library does not
retry per RFC 2617 and thus an authentication is not achieved. the .NET library
properly retries and succeeds at authentication.

Reproducible: Always

Steps to Reproduce:
1.Connect to server that forces a none expiration.
Actual Results:  
HTTP/1.1 401 Nonce Expired

Expected Results:  
HTTP/1.1 200 OK

I have attached an HTTP capture of a program attempting this using .NET and
using Mono. Unfortunately I can not include the code as the server software
that forces the nonce expire does not belong to me and I can not give out the
connection information. However, the capture should point in the proper

Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list