[Mono-bugs] [Bug 585455] New: HttpListener does not handle authentication completely

Thu Mar 4 08:41:06 EST 2010

http://bugzilla.novell.com/show_bug.cgi?id=585455

http://bugzilla.novell.com/show_bug.cgi?id=585455#c0

           Summary: HttpListener does not handle authentication completely
    Classification: Mono
           Product: Mono: Class Libraries
           Version: SVN
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: System
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: aenomoto at novell.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---

Created an attachment (id=346551)
 --> (http://bugzilla.novell.com/attachment.cgi?id=346551)
fix candidate patch

I have been investigating on why HttpListener Basic authentication does not
work (as well as others) well, and noticed that it has some misbehavior on
Begin/EndGetContext() handling.

// ---- repro listener code ----
using System;
using System.Net;
using System.IO;

public class Test
{
        public static void Main ()
        {
                var l = new HttpListener ();
                l.AuthenticationSchemes = AuthenticationSchemes.Basic;
                l.Prefixes.Add ("http://localhost:8080/");
                l.Start ();
                var ir = l.BeginGetContext (null, null);
                Console.WriteLine ("Type [CR] to continue...");
                Console.ReadLine ();
                var ctx = l.EndGetContext (ir);
                Console.WriteLine (ctx.User.Identity);
                var ident = ctx.User.Identity as HttpListenerBasicIdentity;
                Console.WriteLine (ident.Name);
                ctx.Response.Close ();
        }
}

To test the repro, first compile and start the listener. It will wait for enter
key.

  gmcs listener.cs
  mono listener.exe

And then run wget:

  wget --http-user=user --http-password=right http://localhost:8080/index.html

Enter [CR] on the listener console and it will continue to EndGetContext().

When successfully done, it prints "user".

I have a patch (attached) that makes it work to some extent. Basically it is
wrong to signal the WaitHandle as if it were finished request processing while
it indeed isn't (it's still processing negotiation connection).

It successfully passes basic authentication, but on windows it somehow results
in weird runtime crash (probably invalid access to thread or network
resources).

  Stacktrace:

  This application has requested the Runtime to terminate it in an unusual way.
  Please contact the application's support team for more information.

Even after applying my patch it still fails on WCF authentication samples
(olive/samples/wcf/authentication), but it is likely another issue in
HttpListener.

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.