Bug 7974 - Authentication issue with REST resource/WebRequest exception
Summary: Authentication issue with REST resource/WebRequest exception
Status: RESOLVED NOT_ON_ROADMAP
Alias: None
Product: iOS
Classification: Xamarin
Component: General ()
Version: 6.0.x
Hardware: Macintosh Mac OS
: Normal enhancement
Target Milestone: 7.2.0 (iOS 7.1)
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2012-10-24 15:21 UTC by Allie Miller
Modified: 2015-10-22 20:49 UTC (History)
6 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED NOT_ON_ROADMAP

Description Allie Miller 2012-10-24 15:21:06 UTC
Case 18931
When attempting to use MonoTouch to access a secured REST resource through MonoTouch, the REST resource is behind windows authentication. Can access the REST resource easily enough from .NET code on a Windows desktop.  Below is the sample code of a console app that access the resource:


namespace NTLMAuth

{

class Program

{

static void Main(string[] args)

{

NetworkCredential credential = new NetworkCredential("abc",
"123");

HttpWebRequest req =
WebRequest.Create("http://s2dev.post.proag.local/dashboard/api/dashboard
picker?subarea=mpci&year=2011&pickerchanged=year") as
HttpWebRequest;//"http://s2dev.post.proag.local/dashboard/api/dashboardp
icker?subarea=mpci&year=2009&pickerchanged=year") as HttpWebRequest;

req.Method = "GET";

req.KeepAlive = true;

req.AuthenticationLevel =
AuthenticationLevel.MutualAuthRequested;

CredentialCache ch = new CredentialCache();

ch.Add(req.RequestUri, "NTLM", credential);

req.Credentials = ch;

try

{

WebResponse resp = req.GetResponse();



long len = resp.ContentLength;

bool done = len > 0;

}

catch (Exception ex)

{

string msg = ex.Message;

}



}

}

}


Hitting the exact same NotImplementedException with IsMutuallyAuthenticated as well while using MonoTouch v6.0.4 
Similar issues seen in:
http://www.mail-archive.com/monotouch@lists.ximian.com/msg01445.html
http://www.mail-archive.com/monotouch@lists.ximian.com/msg01445.html
Comment 2 Sebastien Pouliot 2012-10-24 18:35:33 UTC
Mono, and by extension MonoTouch, does not support Kerberos (nor the Microsoft extensions that MS added on top of it). This is why setting AuthenticationLevel.MutualAuthRequested will throw a NotImplementedException. There's no plan to include this inside Mono itself. 

Apple does support GSSAPI so it _might_ be possible to authenticate to kerberos servers. OTOH MonoTouch does not have binding for this at the moment (nor are they planned).
Comment 5 PJ 2013-07-08 18:36:52 UTC
Gouri lowered the importance from critical to High, but Spouliot does say that this is not planned right now so it would be hard to even say this is high priority. 

I will set the priority back to normal, as this was only set to critical because of the Priority nature of the customer. The bug unfortunately is more of a feature request, and so cannot fall into the priority support SLA.

I would be happy to change this back to a higher priority if we have an answer for Sebastien or further pressure from Chris/customers to make this happen.
Comment 6 PJ 2013-11-19 16:44:51 UTC
This bug was targeted for a past milestone, moving to the next non-hotfix active milestone.
Comment 7 Sebastien Pouliot 2015-10-22 20:49:30 UTC
Closing to avoid confusion. There are still no plan for low-level GSSAPI bindings (and they would not have helped here).

There's also no plan for Mono to get a more general/cross-platform Kerberos implementation.

The only option, as mentioned in comment #2, remains to use high-level iOS API (e.g. NSURLSession) or an HttpClient with a native (not managed) handler and let the OS deal with it.