Bug 23322 - Verify whether NuGet proxy authentication patch should be applied to Xamarin Studio's proxy support
Summary: Verify whether NuGet proxy authentication patch should be applied to Xamarin ...
Status: CONFIRMED
Alias: None
Product: Xamarin Studio
Classification: Desktop
Component: General ()
Version: 5.7
Hardware: PC Mac OS
: Normal normal
Target Milestone: master
Assignee: Matt Ward
URL:
Depends on:
Blocks:
 
Reported: 2014-09-24 05:33 UTC by Matt Ward
Modified: 2015-06-09 07:31 UTC (History)
3 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report for Bug 23322 on Developer Community or GitHub if you have new information to add and do not yet see a matching new report.

If the latest results still closely match this report, you can use the original description:

  • Export the original title and description: Developer Community HTML or GitHub Markdown
  • Copy the title and description into the new report. Adjust them to be up-to-date if needed.
  • Add your new information.

In special cases on GitHub you might also want the comments: GitHub Markdown with public comments

Related Links:
Status:
CONFIRMED

Description Matt Ward 2014-09-24 05:33:48 UTC
Need to check whether the patch applied to NuGet to handle proxy authentication when connecting to a HTTPS source should be applied to Xamarin Studio's RequestHelper class. The patch has comments on what the original problem is.

Patch:

https://github.com/mrward/nuget/commit/5540acd6583d30f28be278897dda98afadccd065

RequestHelper:

https://github.com/mono/monodevelop/blob/master/main/src/core/MonoDevelop.Core/MonoDevelop.Core.Web/RequestHelper.cs


Should test proxy authentication for connecting to Xamarin's back end servers:

1) Components: Browsing, adding a component
https://components.xamarin.com/

2) Updater.
Comment 1 Prashant manu 2014-11-24 06:05:18 UTC
Could you please provide us directions/suggestion to check this issue?
Comment 2 Matt Ward 2014-11-24 06:29:49 UTC
The original problem that NuGet had is explained in this comment:

https://bugzilla.xamarin.com/show_bug.cgi?id=19594#c2

When a system wide proxy was configured for both http and https traffic, no credentials saved anywhere, the user was never prompted for their credentials when looking for NuGet packages on https://nuget.org. In order to fix the problem for NuGet a patch was applied to NuGet. Xamarin Studio has the same NuGet code for its proxy authentication logic so it is worth testing whether a prompt will occur if a proxy is configured for all web traffic including https and the various https services are used (e.g. components and updater)

There is also some instructions on testing NuGet using Fiddler as the proxy in this comment which may or may not help:

https://bugzilla.xamarin.com/show_bug.cgi?id=19522#c4
Comment 3 Matt Ward 2015-06-09 07:31:04 UTC
Xamarin Studio does have the same problem that the NuGet addin has. If a system wide proxy is setup for https then a request to a https url will not prompt the user for proxy credentials.

A patch has been applied to a separate branch:

https://github.com/mono/monodevelop/tree/proxy-authentication-https-url

The problem with this fix is that if the user has an invalid username/password or wants to cancel the prompt they see it several times when starting up Xamarin Studio. Xamarin Studio makes several connections to different https urls on startup so the user would be prompted many times if they did not have a username and password that works.

When testing the existing code on the master branch there would be no prompts for credentials on startup but all requests to https urls would fail and be logged. Then the user could go into the Check for Updates dialog and then they would be prompted when connecting to the http://addins.monodevelop.com url. After entering correct credentials here then the https urls could be used without prompting. Note that if the user cancels the dialog then they would still be prompted twice for credentials at this point.

So the fix on the proxy-authentication-https-url feature branch makes the behaviour of Xamarin Studio worse on startup if the user does not have a valid username and password. Ideally the user would be prompted once and if they cancelled then would not be prompted on startup but would be prompted the next time they tried an action, such as checking for updates, that would need credentials.