No way to sign out of a NSUrlSession

[dotMorten]

When making a request to a Basic auth service, there's no way to sign out. Normally using a new NSUrlSession like the NSUrlSessionHandler creates should do this, but due to an Apple bug (RADAR #21403897), this doesn't actually happen. To workaround that, you'd need to reset the session, but there's no way to get at that session.

Steps to Reproduce

1. Run the following code:

   
   var handler1 = new NSUrlSessionHandler()
   {
   Credentials = new System.Net.NetworkCredential("guest", "guest", "")
   };
   HttpClient client1 = new HttpClient(handler1);
   var s1 = await client1.GetAsync("https://jigsaw.w3.org/HTTP/Basic/");
   Debug.Assert(s1.StatusCode == System.Net.HttpStatusCode.OK);

// Workaround: / var field = typeof(NSUrlSessionHandler).GetField("session", BindingFlags.NonPublic | BindingFlags.Instance); if (field != null) { var session = field.GetValue(handler1) as Foundation.NSUrlSession; if (session != null) { session.InvalidateAndCancel(); session.Reset(() => { }); } } /

var handler2 = new NSUrlSessionHandler() { Credentials = null }; HttpClient client2 = new HttpClient(handler2); var s2 = await client2.GetAsync("https://jigsaw.w3.org/HTTP/Basic/"); Debug.Assert(s1.StatusCode == System.Net.HttpStatusCode.Unauthorized); // Returns OK when 401 was expected

2. Notice that the second request returns OK without a credential, when it should return 401.
3. Uncomment the workaround that resets the session on the old handler, and the code now passes

### Expected Behavior
Second request should return 401.
Due to an Apple bug we must reset the session, but the used session isn't exposed on the NSUrlSessionHandler.

### Actual Behavior
Returns 200, reusing an old credential.

### Suggestion:
Add a constructor that take a session. That'll allow us to also use the shared session.
Secondary, provide a get-only property for the NSUrlSession.

### Environment

Microsoft Visual Studio Enterprise 2019 Version 16.5.3 VisualStudio.16.Release/16.5.3+30002.166 Microsoft .NET Framework Version 4.8.03752

Installed Version: Enterprise

Visual C++ 2019 00435-60000-00000-AA802 Microsoft Visual C++ 2019

.NET Portability Analyzer 1.1.10808.0 Evaluates portability of assemblies across .NET platforms.

ArcGIS Runtime SDK for .NET 100.7.0 ArcGIS Runtime SDK for .NET allows developers to build immersive, native mapping applications for Windows, Android, and iOS devices using C#. It includes five APIs: WPF to create apps for Windows Desktop, UWP to create Universal Windows apps, Xamarin.Android and Xamarin.iOS for Android and iOS apps that need access to native functionality, and Xamarin.Forms to create apps that share UI layouts across Android, iOS, and UWP.

ASP.NET and Web Tools 2019 16.5.236.49856 ASP.NET and Web Tools 2019

ASP.NET Web Frameworks and Tools 2019 16.5.236.49856 For additional information, visit https://www.asp.net/

Azure App Service Tools v3.0.0 16.5.236.49856 Azure App Service Tools v3.0.0

Azure Functions and Web Jobs Tools 16.5.236.49856 Azure Functions and Web Jobs Tools

C# Tools 3.5.0-beta4-20153-05+20b9af913f1b8ce0a62f72bea9e75e4aa3cf6b0e C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Common Azure Tools 1.10 Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Extensibility Message Bus 1.2.0 (d16-2@8b56e20) Provides common messaging-based MEF services for loosely coupled Visual Studio extension components communication and integration.

GitHub.VisualStudio 2.10.8.8121 A Visual Studio Extension that brings the GitHub Flow into Visual Studio.

IntelliCode Extension 1.0 IntelliCode Visual Studio Extension Detailed Info

Microsoft Azure Tools 2.9 Microsoft Azure Tools for Microsoft Visual Studio 2019 - v2.9.30207.1

Microsoft Continuous Delivery Tools for Visual Studio 0.4 Simplifying the configuration of Azure DevOps pipelines from within the Visual Studio IDE.

Microsoft JVM Debugger 1.0 Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft Library Manager 2.1.25+gdacdb9b7a1 Install client-side libraries easily to any web project

Microsoft MI-Based Debugger 1.0 Provides support for connecting Visual Studio to MI compatible debuggers

Microsoft Visual C++ Wizards 1.0 Microsoft Visual C++ Wizards

Microsoft Visual Studio Tools for Containers 1.1 Develop, run, validate your ASP.NET Core applications in the target environment. F5 your application directly into a container with debugging, or CTRL + F5 to edit & refresh your app without having to rebuild the container.

Microsoft Visual Studio VC Package 1.0 Microsoft Visual Studio VC Package

Mono Debugging for Visual Studio 16.5.514 (c4f36a9) Support for debugging Mono processes with Visual Studio.

NuGet Package Manager 5.5.0 NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/

Project System Tools 1.0 Tools for working with C#, VisualBasic, and F# projects.

ProjectServicesPackage Extension 1.0 ProjectServicesPackage Visual Studio Extension Detailed Info

Snapshot Debugging Extension 1.0 Snapshot Debugging Visual Studio Extension Detailed Info

SQL Server Data Tools 16.0.62003.05170 Microsoft SQL Server Data Tools

Test Adapter for Boost.Test 1.0 Enables Visual Studio's testing tools with unit tests written for Boost.Test. The use terms and Third Party Notices are available in the extension installation directory.

Test Adapter for Google Test 1.0 Enables Visual Studio's testing tools with unit tests written for Google Test. The use terms and Third Party Notices are available in the extension installation directory.

TypeScript Tools 16.0.20225.2001 TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools 3.5.0-beta4-20153-05+20b9af913f1b8ce0a62f72bea9e75e4aa3cf6b0e Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual F# Tools 10.8.0.0 for F# 4.7 16.5.0-beta.20181.6+85af456066acd4e76d2bc7821b44a325e46f2fca Microsoft Visual F# Tools 10.8.0.0 for F# 4.7

Visual Studio Code Debug Adapter Host Package 1.0 Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

Visual Studio Container Tools Extensions (Preview) 1.0 View, manage, and diagnose containers within Visual Studio.

Visual Studio Tools for CMake 1.0 Visual Studio Tools for CMake

Visual Studio Tools for Containers 1.0 Visual Studio Tools for Containers

VisualStudio.DeviceLog 1.0 Information about my package

VisualStudio.Foo 1.0 Information about my package

VisualStudio.Mac 1.0 Mac Extension for Visual Studio

Xamarin 16.5.000.533 (d16-5@9152e1b) Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.

Xamarin Designer 16.5.0.470 (remotes/origin/d16-5@681de3fd6) Visual Studio extension to enable Xamarin Designer tools in Visual Studio.

Xamarin Templates 16.5.49 (0904f41) Templates for building iOS, Android, and Windows apps with Xamarin and Xamarin.Forms.

Xamarin.Android SDK 10.2.0.100 (d16-5/988c811) Xamarin.Android Reference Assemblies and MSBuild support. Mono: c0c5c78 Java.Interop: xamarin/java.interop/d16-5@fc18c54 ProGuard: xamarin/proguard/master@905836d SQLite: xamarin/sqlite/3.28.0@46204c4 Xamarin.Android Tools: xamarin/xamarin-android-tools/d16-5@9f4ed4b

Xamarin.iOS and Xamarin.Mac SDK 13.16.0.13 (b75deaf) Xamarin.iOS and Xamarin.Mac Reference Assemblies and MSBuild support.

[mandel-macaque]

Hello, I'm confused by your sample, you have:

var s2 = await client1.GetAsync("https://jigsaw.w3.org/HTTP/Basic/");

So you are using the same client you used in the first request, which means that it has the credentials you set in the first handler.

[dotMorten]

@mandel-macaque Oops that was a typo (fixed it), but issue sort of still remains, except now the workaround doesn't even work. which is odd because that actually did the trick in our real code :( It's odd because you actually declare the session to store credentials for just the session, and not system wide, yet it seems to survive beyond

[mandel-macaque]

@dotMorten I'll take a look. Does not make much sense, I was looking at the code and the creds are not stored.. Unless apple is playing tricks on us and it stores the creds we used after the first request. Knowing apple, that is very well possible, I'll have to dig a little deeper.

[mandel-macaque]

So PR https://github.com/xamarin/xamarin-macios/pull/8543 also fixes this issue. Added a test that shows it: https://github.com/xamarin/xamarin-macios/pull/8543/files#diff-189f486f4fcde704a1fd4f3f946f7f87R531