This is the same topic as an existing post:http://forums.asp.net/t/1776729.aspx/1?Error+when+setting+WwwAuthenticate+header
Note this only seems to occur when self-hosting.
I have provided a custom class to handle Basic Authorization:
public class BasicHttpAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var response = new HttpResponseMessage()
{
Content = new StringContent("unauthorized"),
RequestMessage = actionContext.Request,
StatusCode = HttpStatusCode.Unauthorized,
Version = actionContext.Request.Version,
ReasonPhrase = "ReasonPhrase"
};
//adding this next line breaks the response (not at this line but later)
//response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"Secure Area\""));
throw new HttpResponseException(response);
}
}
What happens is anyone using the API who is unauthorized never gets a proper response:
>ErrorMessage The underlying connection was closed: An unexpected error occurred on a receive.
I've used winDBG to trace this:
0:008> !clrstack
OS Thread Id: 0x152c (8)
Child SP IP Call Site
05b6f00c 752db9bc [HelperMethodFrame: 05b6f00c]
05b6f05c 70123ddf System.Net.WebHeaderCollection.ThrowOnRestrictedHeader(System.String)
05b6f074 6fb466b2 System.Net.WebHeaderCollection.Add(System.String, System.String)
05b6f090 6ffd3536 System.Net.HttpListenerResponse.AppendHeader(System.String, System.String)
05b6f0a8 523b81e6 System.ServiceModel.Channels.HttpOutput+ListenerResponseHttpOutput.PrepareHttpSend(System.ServiceModel.Channels.Message)
05b6f0d8 51f2f409 System.ServiceModel.Channels.HttpOutput.BeginSend(System.TimeSpan, System.AsyncCallback, System.Object)
05b6f11c 51f34275 System.ServiceModel.Channels.HttpRequestContext+ReplyAsyncResult.SendResponse()
05b6f158 51f340ed System.ServiceModel.Channels.HttpRequestContext+ReplyAsyncResult..ctor(System.ServiceModel.Channels.HttpRequestContext, System.ServiceModel.Channels.Message, System.TimeSpan, System.AsyncCallback, System.Object)
05b6f194 51f33fae System.ServiceModel.Channels.HttpRequestContext.OnBeginReply(System.ServiceModel.Channels.Message, System.TimeSpan, System.AsyncCallback, System.Object)
05b6f1b8 51e4eff0 System.ServiceModel.Channels.RequestContextBase.BeginReply(System.ServiceModel.Channels.Message, System.TimeSpan, System.AsyncCallback, System.Object)
05b6f200 51e4ef4e System.ServiceModel.Channels.RequestContextBase.BeginReply(System.ServiceModel.Channels.Message, System.AsyncCallback, System.Object)
05b6f214 013639a6 System.Web.Http.SelfHost.Channels.HttpMessageEncodingRequestContext.BeginReply(System.ServiceModel.Channels.Message, System.AsyncCallback, System.Object)
05b6f22c 01363927 System.Web.Http.SelfHost.HttpSelfHostServer.BeginReply(ReplyContext)
05b6f25c 01363878 System.Web.Http.SelfHost.HttpSelfHostServer+<>c__DisplayClass5.<ProcessRequestContext>b__2()
05b6f270 013637b5 System.Threading.Tasks.TaskHelpersExtensions.Finally(System.Threading.Tasks.Task, System.Action)
05b6f2a4 009a5fbe System.Web.Http.SelfHost.HttpSelfHostServer.ProcessRequestContext(ChannelContext, System.ServiceModel.Channels.RequestContext)
05b6f2ec 009a5c93 System.Web.Http.SelfHost.HttpSelfHostServer.ReceiveRequestContextComplete(System.IAsyncResult)
05b6f300 009a5c2d System.Web.Http.SelfHost.HttpSelfHostServer.OnReceiveRequestContextComplete(System.IAsyncResult)
05b6f30c 502e085d System.Runtime.AsyncResult.Complete(Boolean)
05b6f35c 502e3bd4 System.Runtime.InputQueue`1+AsyncQueueReader[[System.__Canon, mscorlib]].Set(Item<System.__Canon>)
05b6f378 502e369a System.Runtime.InputQueue`1[[System.__Canon, mscorlib]].EnqueueAndDispatch(Item<System.__Canon>, Boolean)
05b6f3d0 502e349e System.Runtime.InputQueue`1[[System.__Canon, mscorlib]].EnqueueAndDispatch(System.__Canon, System.Action, Boolean)
05b6f3f8 51811ceb System.ServiceModel.Channels.SingletonChannelAcceptor`3[[System.__Canon, mscorlib],[System.__Canon, mscorlib],[System.__Canon, mscorlib]].Enqueue(System.__Canon, System.Action, Boolean)
05b6f41c 51811ae4 System.ServiceModel.Channels.HttpChannelListener.HttpContextReceived(System.ServiceModel.Channels.HttpRequestContext, System.Action)
05b6f460 51811678 System.ServiceModel.Channels.SharedHttpTransportManager.OnGetContextCore(System.IAsyncResult)
05b6f4e8 5181140e System.ServiceModel.Channels.SharedHttpTransportManager.OnGetContext(System.IAsyncResult)
05b6f4f8 502e39d2 System.Runtime.Fx+AsyncThunk.UnhandledExceptionFrame(System.IAsyncResult)
The issue occurs in ThrowOnRestrictedHeader which is being passed 'Www-Authenticate' which is valid but throws an exception?
Note this only seems to occur when self-hosting.
I have provided a custom class to handle Basic Authorization:
public class BasicHttpAuthorizeAttribute : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var response = new HttpResponseMessage()
{
Content = new StringContent("unauthorized"),
RequestMessage = actionContext.Request,
StatusCode = HttpStatusCode.Unauthorized,
Version = actionContext.Request.Version,
ReasonPhrase = "ReasonPhrase"
};
//adding this next line breaks the response (not at this line but later)
//response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"Secure Area\""));
throw new HttpResponseException(response);
}
}
What happens is anyone using the API who is unauthorized never gets a proper response:
>ErrorMessage The underlying connection was closed: An unexpected error occurred on a receive.
I've used winDBG to trace this:
0:008> !clrstack
OS Thread Id: 0x152c (8)
Child SP IP Call Site
05b6f00c 752db9bc [HelperMethodFrame: 05b6f00c]
05b6f05c 70123ddf System.Net.WebHeaderCollection.ThrowOnRestrictedHeader(System.String)
05b6f074 6fb466b2 System.Net.WebHeaderCollection.Add(System.String, System.String)
05b6f090 6ffd3536 System.Net.HttpListenerResponse.AppendHeader(System.String, System.String)
05b6f0a8 523b81e6 System.ServiceModel.Channels.HttpOutput+ListenerResponseHttpOutput.PrepareHttpSend(System.ServiceModel.Channels.Message)
05b6f0d8 51f2f409 System.ServiceModel.Channels.HttpOutput.BeginSend(System.TimeSpan, System.AsyncCallback, System.Object)
05b6f11c 51f34275 System.ServiceModel.Channels.HttpRequestContext+ReplyAsyncResult.SendResponse()
05b6f158 51f340ed System.ServiceModel.Channels.HttpRequestContext+ReplyAsyncResult..ctor(System.ServiceModel.Channels.HttpRequestContext, System.ServiceModel.Channels.Message, System.TimeSpan, System.AsyncCallback, System.Object)
05b6f194 51f33fae System.ServiceModel.Channels.HttpRequestContext.OnBeginReply(System.ServiceModel.Channels.Message, System.TimeSpan, System.AsyncCallback, System.Object)
05b6f1b8 51e4eff0 System.ServiceModel.Channels.RequestContextBase.BeginReply(System.ServiceModel.Channels.Message, System.TimeSpan, System.AsyncCallback, System.Object)
05b6f200 51e4ef4e System.ServiceModel.Channels.RequestContextBase.BeginReply(System.ServiceModel.Channels.Message, System.AsyncCallback, System.Object)
05b6f214 013639a6 System.Web.Http.SelfHost.Channels.HttpMessageEncodingRequestContext.BeginReply(System.ServiceModel.Channels.Message, System.AsyncCallback, System.Object)
05b6f22c 01363927 System.Web.Http.SelfHost.HttpSelfHostServer.BeginReply(ReplyContext)
05b6f25c 01363878 System.Web.Http.SelfHost.HttpSelfHostServer+<>c__DisplayClass5.<ProcessRequestContext>b__2()
05b6f270 013637b5 System.Threading.Tasks.TaskHelpersExtensions.Finally(System.Threading.Tasks.Task, System.Action)
05b6f2a4 009a5fbe System.Web.Http.SelfHost.HttpSelfHostServer.ProcessRequestContext(ChannelContext, System.ServiceModel.Channels.RequestContext)
05b6f2ec 009a5c93 System.Web.Http.SelfHost.HttpSelfHostServer.ReceiveRequestContextComplete(System.IAsyncResult)
05b6f300 009a5c2d System.Web.Http.SelfHost.HttpSelfHostServer.OnReceiveRequestContextComplete(System.IAsyncResult)
05b6f30c 502e085d System.Runtime.AsyncResult.Complete(Boolean)
05b6f35c 502e3bd4 System.Runtime.InputQueue`1+AsyncQueueReader[[System.__Canon, mscorlib]].Set(Item<System.__Canon>)
05b6f378 502e369a System.Runtime.InputQueue`1[[System.__Canon, mscorlib]].EnqueueAndDispatch(Item<System.__Canon>, Boolean)
05b6f3d0 502e349e System.Runtime.InputQueue`1[[System.__Canon, mscorlib]].EnqueueAndDispatch(System.__Canon, System.Action, Boolean)
05b6f3f8 51811ceb System.ServiceModel.Channels.SingletonChannelAcceptor`3[[System.__Canon, mscorlib],[System.__Canon, mscorlib],[System.__Canon, mscorlib]].Enqueue(System.__Canon, System.Action, Boolean)
05b6f41c 51811ae4 System.ServiceModel.Channels.HttpChannelListener.HttpContextReceived(System.ServiceModel.Channels.HttpRequestContext, System.Action)
05b6f460 51811678 System.ServiceModel.Channels.SharedHttpTransportManager.OnGetContextCore(System.IAsyncResult)
05b6f4e8 5181140e System.ServiceModel.Channels.SharedHttpTransportManager.OnGetContext(System.IAsyncResult)
05b6f4f8 502e39d2 System.Runtime.Fx+AsyncThunk.UnhandledExceptionFrame(System.IAsyncResult)
The issue occurs in ThrowOnRestrictedHeader which is being passed 'Www-Authenticate' which is valid but throws an exception?