After describing how .NET actually handles proxies, I thought I'd tell you about the two problem programs that caused the bother: CardSpace and Windows Live Writer.
The problems with CardSpace were primarily due to a *.domain.com bypass entry not matching a URI with a port number (e.g. *.domain.com doesn't match my.domain.com:8080). I think this is a bug.
This caused CardSpace to try to go through the proxy, which promptly failed with a 407 because no credentials were specified.
And this is where I get a bit nervous.
I can fix this easily: it's just one attribute in the config file (useDefaultCredentials="true"). But that changes it for every use of CardSpace, and I'm not sure what impact that will have. I think it's OK, but I'd rather not mess about with another program's config, especially not a security one!
(Of course, adding a new bypass rule meant that it went direct, so there was no authentication error, but it will fail if I want to use CardSpace with another site.)
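For reference, here is what the two config changes discussed above look like in a .NET 2.0 `<system.net>` section. This is an added example, not CardSpace's own configuration file: the host names are placeholders, and the starting point it assumes is the one the post describes (system proxy settings, no credentials, and a bypass entry that only matched on the default port). The `address` attribute of a `<bypasslist>` entry is a .NET regular expression rather than an IE-style wildcard, so `*.domain.com` has to be spelled out; the optional `(:[0-9]+)?` group is my assumption about what lets a non-default port such as :8080 still match.

```xml
<!-- Added example, not CardSpace's own config. Host names are placeholders. -->
<configuration>
  <system.net>
    <!-- useDefaultCredentials="true" is the one attribute the post refers to:
         the logged-on user's Windows credentials are sent to the proxy, so the
         407 goes away. It applies to every request in this process. -->
    <defaultProxy useDefaultCredentials="true">
      <!-- Keep the proxy address from the IE/system settings and skip the proxy
           for dotless (local) host names. -->
      <proxy usesystemdefault="true" bypassonlocal="true" />
      <bypasslist>
        <!-- Regex, matched against scheme://host[:port]. Anchored at both ends
             so it cannot match domain.com.attacker.example; the optional port
             group (assumed) is what makes my.domain.com:8080 match as well. -->
        <add address="^https?://[^/:]*\.domain\.com(:[0-9]+)?$" />
      </bypasslist>
    </defaultProxy>
  </system.net>
</configuration>
```

Two things to keep in mind when touching a config like this: `useDefaultCredentials="true"` hands the current user's domain credentials to whatever proxy the system settings name, which is exactly why changing it for a security component deserves some thought; and a bypass regex that is not anchored (for example a bare `domain\.com`) would also send traffic for `domain.com.attacker.example` direct, outside the proxy, so the anchors are not decoration.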
The second pesky program was Windows Live Writer. I can't get it to work with an authenticating proxy. It turns out that this is because they tried to be clever. To be fair, they didn't have much choice: it's a .NET 1.1 app, so proxy support is a bit limited anyway. They use the obsolete WebProxy.GetDefaultProxy() (which gets its settings from IE), so no credentials are sent, and the config file is bypassed so I can't add any. Then it starts to get clever and allows you to specify a proxy explicitly, with a hostname, port, username and password. When it makes a web request, it creates a new WebProxy with these details (if entered) and falls back to the IE settings if not. This should solve the problem, but they've defaulted to not bypassing the proxy for local addresses, and they don't pass in a list of addresses to bypass. I can only assume that this is what's causing my problems, but I just can't get in.
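To make the difference concrete, here is an added example (not Windows Live Writer's code; the proxy host, port, account and target URIs are placeholders) that builds a WebProxy the way the paragraph describes, from just host, port, username and password, next to one that also sets BypassProxyOnLocal and an explicit bypass list, and reports for a handful of URIs whether each would go direct or via the proxy. It assumes, from the observation earlier in the post, that bypass regexes are matched against the target's scheme://host with any non-default port attached, which is why the bypass entry carries an optional port group.

```csharp
// Added example, not Windows Live Writer's code. Proxy host, port, account and
// target URIs are placeholders. Written against .NET 2.0 (no var, no LINQ).
using System;
using System.Net;

class ProxyCompare
{
    // The construction described above: host, port, username and password and
    // nothing else. BypassProxyOnLocal stays at its default (false) and the
    // bypass list is empty, so every request, intranet included, goes to the proxy.
    static WebProxy BareProxy(string host, int port, string user, string password)
    {
        WebProxy proxy = new WebProxy(host, port);
        proxy.Credentials = new NetworkCredential(user, password);
        return proxy;
    }

    // Same credentials, plus the two things the bare version leaves out:
    // bypass for local (dotless) host names and an explicit bypass list.
    static WebProxy FullProxy(string host, int port, string user, string password, string[] bypass)
    {
        Uri address = new Uri("http://" + host + ":" + port);
        return new WebProxy(address, true /* BypassProxyOnLocal */, bypass,
                            new NetworkCredential(user, password));
    }

    // Reports whether a target is sent direct or via the proxy. For a bypassed
    // target GetProxy returns the target itself.
    static void Report(string label, IWebProxy proxy, string target)
    {
        Uri uri = new Uri(target);
        Console.WriteLine("{0,-4} {1,-30} bypassed={2,-5} via {3}",
                          label, target, proxy.IsBypassed(uri), proxy.GetProxy(uri));
    }

    static void Main()
    {
        // Bypass entries are .NET regular expressions. Anchored at both ends so
        // the entry cannot match domain.com.attacker.example; the optional port
        // group (assumed) is what lets my.domain.com:8080 match as well.
        string[] bypass = { @"^https?://[^/:]*\.domain\.com(:[0-9]+)?$" };

        WebProxy bare = BareProxy("proxy.corp.example", 3128, "user", "secret");
        WebProxy full = FullProxy("proxy.corp.example", 3128, "user", "secret", bypass);

        // Constructed targets: a dotless intranet name, the bypassed domain on the
        // default and on a non-default port, and an ordinary Internet host.
        string[] targets = {
            "http://intranet/",
            "http://my.domain.com/",
            "http://my.domain.com:8080/",
            "http://www.example.org/"
        };
        foreach (string target in targets)
        {
            Report("bare", bare, target);
            Report("full", full, target);
        }

        // Attaching the configured proxy to a single request rather than
        // process-wide, which is what an app that builds its own WebProxy does.
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://my.domain.com:8080/");
        request.Proxy = full;
    }
}
```

The "bare" proxy is the shape an application ends up with when it takes host, port, username and password from its own settings and hands them straight to WebProxy: credentials are sent to every destination, including intranet hosts that should never see them, and nothing on the local side can be exempted. The "full" version is what the same settings look like once BypassProxyOnLocal and a bypass list are exposed, or, on .NET 2.0, read from the `<system.net>` section in the config file instead.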
It's a shame they don't read the details from config, because I could then run it against .NET 2 and specify everything I need in the config files.
Of course, if I wanted to get really devious, I could write a plugin that included TypeMock and mocked out the calls to get the proxy with code that returned a properly configured one...