Home/ Questions/Q 9268049
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T14:42:35+00:00

We’ve written a DelegatingHandler that handles the authentication scheme for a REST api that

  • 0

We’ve written a DelegatingHandler that handles the authentication scheme for a REST api that we’re calling. However, we seem to get into a situation where the inner WebRequestHandler stops making requests.

I’m looking for any help or advice on anything that can cause this handler to just stop working.

I’ve taken a look and I can’t see any internal state that the WebRequestHandler might have – but tracing through the internals of the attempt to send a message, I can see in StartGettingResponse (from HttpClientHandler):

    {
        if (state.identity != null)
        {
            using (state.identity.Impersonate())
            {
                state.webRequest.BeginGetResponse(this.getResponseCallback, state);
                goto Label_0046;
            }
        }
        state.webRequest.BeginGetResponse(this.getResponseCallback, state);
    Label_0046:
        state.requestMessage.MarkRtcFlushComplete();
    }

identity is null. BeginGetResponse is called, but GetResponseCallback (that getResponseCallback is a cached delegate for) is never called. We see no exception. There’s no network traffic (of any kind).

The code for our delegating handler:

if (request.Headers.Authorization == null)
{
    ClaimsIdentity ident = User == null ? null : User.Identity as ClaimsIdentity;
    if (PreAuthenticate)
    {
        var token = await GenerateAuthenticationToken(ident, guessedRealm,true);
        if (cancellationToken.IsCancellationRequested) return null;
        if (token != null)
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        }
    }
    var firstFlight = await base.SendAsync(request, cancellationToken);

    if (firstFlight.StatusCode != System.Net.HttpStatusCode.Unauthorized) return firstFlight;

    var wwwAuth = firstFlight.Headers.WwwAuthenticate;

    var bearerAuth = wwwAuth.SingleOrDefault(hv => hv.Scheme == "Bearer");

    var realmInfo = bearerAuth.Parameter;

    var realm = realmInfo.Substring(7).TrimEnd('"');

    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer",
        await GenerateAuthenticationToken(ident, realm,false)
    );
    if (cancellationToken.IsCancellationRequested) return null;
}
return await base.SendAsync(request, cancellationToken);

(Error checks and paths not followed removed – except PreAuthenticate is false). We can get into a situation where the first call to SendAsync returns (as expected) a 401 response. We generate a suitable authorization token and attach it as a header. But then the second call to SendAsync never causes any network traffic to occur.

I’m using MS Network Monitor to check the network traffic, and it can see the first request (and several previous requests that also use this same handler but don’t encounter the same issue).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It turns out that we were leaking the HttpResponseMessage objects returned by some previous calls, and not calling Dispose on them. (In fact, even in the code snippet I’ve shown, we leak firstFlight)

    It’s not especially obvious that this leak is occurring, and only one or two of them leaked is enough that subsequent requests are queued internally by System.Net.Connection but never actually sent (I think because it’s enforcing the HTTP Connection limit per server)

    • 0