Open Paul-N opened 2 months ago
Tagging subscribers to this area: @dotnet/ncl See info in area-owners.md if you want to be subscribed.
I think it may be the platform handler. Can you try it with var handler = new SocketsHttpHandler()
@Paul-N ?
That should give you consistent behavior. Note that Digest
depends on MD5 and that is not considered safe in modern times.
Can you try it with
var handler = new SocketsHttpHandler()
@Paul-N ?
Yes, this fixed the bug...
well, not really but at least you have something to work with. I'll leave it open for iOS folks to look at it.
@vitek-karas @kotlarmilos can you please triage this iOS issue? Thanks!
@simonrozsival can you please take a look?
As far as I can tell, Digest auth is not implemented in the iOS platform handler (unlike it is in the managed SocketsHttpHandler
and in Android's native AndroidMessageHandler
). This is certainly something that either needs to be documented as a known limitation, or it should be implemented in the native iOS handler.
If easy we can perhaps share implementation. Digest is not considered secure as it depends on long deprecated md5
. So you would not stress too much about it. Documentation would certainly be helpful to avoid pitfalls but I'm not sure where you would put it. At least workaround exists.
Description
HttpClient with Digest auth is working fine in
.net8
console app. Onnet8-ios
requests are failing withStatus 401
. I attached repository with the code to reproduce (see below).Reproduction Steps
Let's say we have a service that is working with
httpbin.org
site with Digest auth.This code will work fine in console apps but will fail in iOS/Android app with
401
status codeExpected behavior
Digest auth should work (or not work) the same way on every OS supported by modern
net8
. In this case I expect code200
in console app and in mobile apps.Actual behavior
Digest auth work in console app and doesn't work in mobile apps (iOS/Android)
Regression?
No response
Known Workarounds
No response
Configuration
No response
Other information
See https://github.com/Paul-N/DigestAuthDemo repository. It consist of 3 projects. They all have a service
interface IHttpBinService
that is working with httpbin.org website. The projects are:net8
console app,net8-ios
iOS app (no MAUI, just basic native UI to test),Xamarin iOS
app with the same UI.The service
interface IHttpBinService
has two implementations: one with HttpClient and another with NSUrlSession (native iOS way to make a HTTP requests). The console app is able to call only HttpClient based service. The two iOS app can call both implementations.How to test:
DigestAuthDemo.Xamarin_iOS
app, click[HttpClient]
button, response is Ok. Click[Clear]
button. Click[NsUrlSession]
response is also Ok.DigestAuthDemo.Net8_iOS
app, click[HttpClient]
button, response is Error. Click[Clear]
button. Click[NsUrlSession]
response is Ok.⚠️ Strange behavior: If you are running
DigestAuthDemo.Net8_iOS
and you hit[NsUrlSession]
BEFORE[HttpClient]
button then HttpClient will work fine.