When checking the code for an iOS 11 issue, I found a possible bug in the iOS code. As I do not use this part of the code, I only noticed it by looking at the code (and thus has no priority for me).
In DataTaskDelegate, in DidReceiveChallenge, in the AuthenticationMethodNTLM part, the return statement (currently line 145) can be reached without calling the callback, which MUST be called (according to the Apple docs). I think this return statement must be moved within the brackets one line above.
if (challenge.ProtectionSpace.AuthenticationMethod == NSUrlProtectionSpace.AuthenticationMethodNTLM)
{
if (_secureHttpClientHandler.Credentials != null)
{
NetworkCredential credentialsToUse;
var credentials = _secureHttpClientHandler.Credentials as NetworkCredential;
if (credentials != null)
{
credentialsToUse = credentials;
}
else
{
var uri = GetResponseForTask(task).Request.RequestUri;
credentialsToUse = _secureHttpClientHandler.Credentials.GetCredential(uri, "NTLM");
}
var credential = new NSUrlCredential(credentialsToUse.UserName, credentialsToUse.Password, NSUrlCredentialPersistence.ForSession);
completionHandler(NSUrlSessionAuthChallengeDisposition.UseCredential, credential);
}
return;
}
If _secureHttpClientHandler.Credentials is null, then the default Apple handling is performed.
tranb3r
commented
7 years ago
When checking the code for an iOS 11 issue, I found a possible bug in the iOS code. As I do not use this part of the code, I only noticed it by looking at the code (and thus has no priority for me).
In DataTaskDelegate, in DidReceiveChallenge, in the AuthenticationMethodNTLM part, the return statement (currently line 145) can be reached without calling the callback, which MUST be called (according to the Apple docs). I think this return statement must be moved within the brackets one line above.
If _secureHttpClientHandler.Credentials is null, then the default Apple handling is performed.
Best regards,
Hugo