https://bugzilla.novell.com/show_bug.cgi?id=321212#c4
Geoff Norton <[EMAIL PROTECTED]> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[EMAIL
PROTECTED]
--- Comment #4 from Geoff Norton <[EMAIL PROTECTED]> 2007-11-06 15:18:27 MST
---
I spent a bit of time on this and the reporter is correct. PreAuthenticate
acts the same on 1.1 and 2.0 but it does NOT blindly send the credentials; it
causes the following behaviour
WITHOUT PREAUTH:
(HttpWebRequest Object #1)
C: GET /someUrl
S: 401 Auth Required
C: GET /someUrl (with authentication headers)
S: 200 OK
(HttpWebRequestObject #2)
C: GET /someOtherUrl
S: 401 Auth Required
C: GET /someOtherUrl (with authentication headers)
S: 200 OK
WITH PREAUTH:
(HttpWebRequest Object #1)
C: GET /someUrl
S: 401 AuthRequired
C: GET /someUrl (with authentication headers)
S: 200 OK
(HttpWebRequest Object #2)
C: GET /someOtherUrl (with authentication headers)
S: 200 OK
There are a few caveats. Domain has to match and the path has to match up to
the containing folder of the first request. Also both request #1 and #2 must
have the same credentials and both have to set PreAuthenticate = true.
Microsoft must keep some sort of state cache of PreAuth requests and only skip
getting the 401 when those criteria match.
We still need to determine wether these are appdomain specific (I assume they
are) and what lifecycle they have (if any)
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
_______________________________________________
mono-bugs maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-bugs
