We migrated our code base to use the latest PnP.Framework (v1.15.0).
Everything runs fine in our E2E tests with the cloud environments.
However, multiple E2E tests targeting our on-premise SharePoint Subscription environment fail with 403: Forbidden responses.
A small snippet can reproduce this issue:
```csharp
var networkCredential = new NetworkCredential("username", securePwd, "domain");
var authManager = new AuthenticationManager();
using (var clientContext = authManager.GetOnPremisesContext("http://sphost", networkCredential))
{
    clientContext.Load(clientContext.Web, web => web.Title);
    await clientContext.ExecuteQueryAsync();
}
```
This snippet generates the following 5 HTTP requests:

HTTP Request 1

> POST http://sphost/_vti_bin/sites.asmx HTTP/1.1
> Content-Type: text/xml
> SOAPAction: http://schemas.microsoft.com/sharepoint/soap/GetUpdatedFormDigestInformation
> X-RequestForceAuthentication: true
> Host: sphost
> Content-Length: 335
> Expect: 100-continue
> Connection: Keep-Alive

HTTP Request 2

> POST http://sphost/_vti_bin/sites.asmx HTTP/1.1
> Content-Type: text/xml
> SOAPAction: http://schemas.microsoft.com/sharepoint/soap/GetUpdatedFormDigestInformation
> X-RequestForceAuthentication: true
> Authorization: NTLM AuthString1
> Host: sphost
> Content-Length: 0
>
> HTTP/1.1 401 Unauthorized
> Server: Microsoft-IIS/10.0
> WWW-Authenticate: NTLM AuthString2
> SPRequestGuid: 9c2f1fa1-2048-8098-0000-08265643fb7c
> request-id: 9c2f1fa1-2048-8098-0000-08265643fb7c
> X-FRAME-OPTIONS: SAMEORIGIN
> SPRequestDuration: 1
> SPIisLatency: 0
> X-Powered-By: ASP.NET
> MicrosoftSharePointTeamServices: 16.0.0.15601
> X-Content-Type-Options: nosniff
> X-MS-InvokeApp: 1; RequireReadOnly
> Date: Mon, 15 Apr 2024 08:08:30 GMT
> Content-Length: 0
> Proxy-Support: Session-Based-Authentication

HTTP Request 3

> POST http://sphost/_vti_bin/sites.asmx HTTP/1.1
> Content-Type: text/xml
> SOAPAction: http://schemas.microsoft.com/sharepoint/soap/GetUpdatedFormDigestInformation
> X-RequestForceAuthentication: true
> Authorization: NTLM AuthString3
> Host: sphost
> Content-Length: 335
> Expect: 100-continue

HTTP Request 4

> POST http://fw-test-spsub/_vti_bin/sites.asmx HTTP/1.1
> X-RequestDigest: GeneratedDigestString1,15 Apr 2024 08:08:30 -0000
> X-FORMS_BASED_AUTH_ACCEPTED: f
> Content-Type: text/xml
> SOAPAction: http://schemas.microsoft.com/sharepoint/soap/GetUpdatedFormDigestInformation
> X-RequestForceAuthentication: true
> Host: sphost
> Content-Length: 356
> Expect: 100-continue
> Accept-Encoding: gzip, deflate

HTTP Request 5

> POST http://fw-test-spsub/_vti_bin/client.svc/ProcessQuery HTTP/1.1
> X-RequestDigest: GeneratedDigestString1,15 Apr 2024 08:08:30 -0000,GeneratedDigestString1,15 Apr 2024 08:08:30 -0000
> X-FORMS_BASED_AUTH_ACCEPTED: f
> Content-Type: text/xml
> X-RequestForceAuthentication: true
> Host: sphost
> Content-Length: 606
> Expect: 100-continue
> Accept-Encoding: gzip, deflate

You can see that GetUpdatedFormDigestInformation is invoked 2 times (Request 3 & 4) and both responses are added to the X-RequestDigest header of request 5, resulting in the faulty header

```
X-RequestDigest: GeneratedDigestString1,15 Apr 2024 08:08:30 -0000,GeneratedDigestString1,15 Apr 2024 08:08:30 -0000
```

This header value causes the 403: Forbidden response.

If I alter the following code in AuthenticationManager.cs

https://github.com/pnp/pnpframework/blob/2cd8204f230759d34f9e07c18535cd9648625151/src/lib/PnP.Framework/AuthenticationManager.cs#L1366

to

```csharp
webRequestEventArgs.WebRequestExecutor.RequestHeaders["X-RequestDigest"] = (sender as ClientContext).GetOnPremisesRequestDigestAsync().GetAwaiter().GetResult();
```

everything works.
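
The comma-joined `X-RequestDigest` value reported in request 5 can be reproduced with .NET's `WebHeaderCollection` alone. The following is an added example, not code from the issue or from PnP.Framework: `RequestDigestHeaderDemo`, `BuildHeader` and `IsSingleDigest` are hypothetical names, the digest is a constructed placeholder, and the handler running twice is an assumption standing in for the double digest retrieval described above.

```csharp
using System;
using System.Net;

static class RequestDigestHeaderDemo
{
    // Constructed placeholder in the "digest,timestamp" shape seen in the captured requests.
    const string Digest = "GeneratedDigestString1,15 Apr 2024 08:08:30 -0000";

    // Hypothetical stand-in for a request handler that ends up running more than
    // once for the same outgoing request (assumption, not the project's code).
    static string BuildHeader(bool append, int handlerRuns)
    {
        var headers = new WebHeaderCollection();
        for (var i = 0; i < handlerRuns; i++)
        {
            if (append)
                headers.Add("X-RequestDigest", Digest);   // appends to any existing value
            else
                headers["X-RequestDigest"] = Digest;       // overwrites any existing value
        }
        return headers["X-RequestDigest"];
    }

    // Heuristic guard based only on the shape above: one digest plus one timestamp
    // means exactly two comma-separated parts.
    static bool IsSingleDigest(string value) =>
        !string.IsNullOrEmpty(value) && value.Split(',').Length == 2;

    static void Main()
    {
        foreach (var append in new[] { true, false })
        {
            var value = BuildHeader(append, handlerRuns: 2);
            Console.WriteLine($"{(append ? "Add    " : "indexer")} -> {value}");
            Console.WriteLine($"          single digest: {IsSingleDigest(value)}");
        }
    }
}
```

A check like `IsSingleDigest` in an E2E test or logging hook flags the malformed header on the client side, before the server answers with a bare 403.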