Search code examples
.netproxysoaphttpclientprotocol

SoapHttpClientProtocol caches proxy credentials?


I've noticed in .NET4 that the SoapHttpClientProtocol appears to cache proxy credentials. Does anybody know if this is true, and how to refresh this cache? If my users change their credentials I would like to try them, but once I get any SoapHttpClientProtocol to successfully connect, any call to invoke appears to work.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net;
using System.Web.Services;
    class Program : System.Web.Services.Protocols.SoapHttpClientProtocol
{
    public Program()
    {
        base.Url = "something";
    }
    static void Main(string[] args)
    {
        Program x = new Program();
        x.Proxy = new WebProxy("basicproxy", 2121);
        x.Proxy.Credentials = new NetworkCredential("proxyuser", "IncorrectPassword");
        Console.WriteLine("Attempt with proxyuser and IncorrectPassword: " + x.NoOp());

        x.Proxy.Credentials = new NetworkCredential("proxyuser", "password");
        Console.WriteLine("Attempt with proxyuser and password: " + x.NoOp());

        x.Proxy.Credentials = new NetworkCredential("proxyuser", "IncorrectPassword");
        Console.WriteLine("Attempt with proxyuser and IncorrectPassword: " + x.NoOp());

        Program y = new Program();
        y.Proxy = new WebProxy("basicproxy", 2121);
        y.Proxy.Credentials = new NetworkCredential("proxyuser", "IncorrectPassword");
        Console.WriteLine("Attempt with proxyuser and IncorrectPassword: " + y.NoOp());
    }

    /// <remarks/>
    [System.Web.Services.Protocols.SoapDocumentMethodAttribute("...", RequestNamespace = "...", ResponseNamespace = "...", Use = System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle = System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
    public bool NoOp()
    {
        try
        {
            object[] results = this.Invoke("NoOp", new object[0]);
            return ((bool)(results[0]));
        }
        catch (WebException e)
        {
            if (e.Response != null && ((HttpWebResponse)e.Response).StatusCode == HttpStatusCode.ProxyAuthenticationRequired)
            {
                Console.WriteLine("incorrect Credential attempt!");
            }
            else
            {
                Console.WriteLine("Exception: " + e.Message);
            }
        }
        return false;
    }

The output of this program (I'm expecting the last two to be false)

incorrect Credential attempt!
Attempt with proxyuser and IncorrectPassword: False
Attempt with proxyuser and password: True
Attempt with proxyuser and IncorrectPassword: True
Attempt with proxyuser and IncorrectPassword: True

Solution

  • A quick look at HttpWebRequest with Reflector shows that it doesn't differentiate ServicePoint objects based on the proxy credentials. So it reuses the same http connection pool for all those requests and since the same connection stays alive after the first successful proxy authentication, it doesn't even try to use the credentials provided for the last two requests.

    You could try setting the ConnectionGroupName property to some string containing the proxy username and password at the time you set the Proxy property (with a helper method maybe).

    Another option is to use the proxyuser:password@basicproxy:2121 url scheme for the WebProxy constructor.