private async Task <ICredentials> PromptForCredentialsAsync(
CredentialRequestType type,
string message,
CancellationToken token)
{
ICredentials promptCredentials = null;
if (HttpHandlerResourceV3.PromptForCredentialsAsync != null)
{
try
{
// Only one prompt may display at a time.
await _credentialPromptLock.WaitAsync();
promptCredentials =
await HttpHandlerResourceV3.PromptForCredentialsAsync(_baseUri, type, message, token);
}
catch (TaskCanceledException)
{
throw; // pass-thru
}
catch (OperationCanceledException)
{
// A valid response for VS dialog when user hits cancel button
promptCredentials = null;
}
finally
{
_credentialPromptLock.Release();
}
}
return(promptCredentials);
}
public Task <CredentialResponse> GetAsync(
Uri uri,
IWebProxy proxy,
CredentialRequestType type,
string message,
bool isRetry,
bool nonInteractive,
CancellationToken cancellationToken)
{
if (uri == null)
{
throw new ArgumentNullException(nameof(uri));
}
if (nonInteractive)
{
return(Task.FromResult(
new CredentialResponse(null, CredentialStatus.ProviderNotApplicable)));
}
switch (type)
{
case CredentialRequestType.Proxy:
message = LocalizedResourceManager.GetString("Credentials_ProxyCredentials");
break;
case CredentialRequestType.Forbidden:
message = LocalizedResourceManager.GetString("Credentials_ForbiddenCredentials");
break;
default:
message = LocalizedResourceManager.GetString("Credentials_RequestCredentials");
break;
}
Console.WriteLine(message, uri.OriginalString);
Console.Write(LocalizedResourceManager.GetString("Credentials_UserName"));
cancellationToken.ThrowIfCancellationRequested();
string username = Console.ReadLine();
Console.Write(LocalizedResourceManager.GetString("Credentials_Password"));
using (SecureString password = new SecureString())
{
cancellationToken.ThrowIfCancellationRequested();
Console.ReadSecureString(password);
var credentials = new NetworkCredential
{
UserName = username,
SecurePassword = password
};
var cred = new CredentialResponse(credentials, CredentialStatus.Success);
var task = Task.FromResult(cred);
return(task);
}
}
public Task <CredentialResponse> GetAsync(
Uri uri,
IWebProxy proxy,
CredentialRequestType type,
string message,
bool isRetry,
bool nonInteractive,
CancellationToken cancellationToken)
{
if (uri == null)
{
throw new ArgumentNullException(nameof(uri));
}
cancellationToken.ThrowIfCancellationRequested();
var cred = GetCredentials(
uri,
proxy,
type,
isRetry);
var response = cred != null
? new CredentialResponse(cred)
: new CredentialResponse(CredentialStatus.ProviderNotApplicable);
return(Task.FromResult(response));
}
public Task <CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, string message, bool isRetry, bool nonInteractive, CancellationToken cancellationToken)
{
if (nonInteractive)
{
return(Task.FromResult(GetExistingCredential(uri, proxy, type)));
}
var cp = WebRequestHelper.CredentialProvider;
if (cp == null)
{
return(null);
}
CredentialType credentialType = GetCredentialType(type);
return(Task.Run(() => {
ICredentials credentials = cp.GetCredentials(uri, proxy, credentialType, isRetry);
if (credentials != null)
{
return new CredentialResponse(credentials);
}
return new CredentialResponse(CredentialStatus.UserCanceled);
}));
}
public async Task <CredentialResponse> GetAsync(
Uri uri,
IWebProxy proxy,
CredentialRequestType type,
string message,
bool isRetry,
bool nonInteractive,
CancellationToken cancellationToken)
{
if (uri == null)
{
throw new ArgumentNullException(nameof(uri));
}
// TODO: Extend the IVS API surface area to pass down the credential request type.
var credentials = await _provider.GetCredentialsAsync(
uri,
proxy,
isProxyRequest : type == CredentialRequestType.Proxy,
isRetry : isRetry,
nonInteractive : nonInteractive,
cancellationToken : cancellationToken);
return(credentials == null
? new CredentialResponse(CredentialStatus.ProviderNotApplicable)
: new CredentialResponse(credentials));
}
/// <summary>
/// Call the plugin credential provider application to acquire credentials.
/// The request will be passed to the plugin on standard input as a json serialized
/// PluginCredentialRequest.
/// The plugin will return credentials as a json serialized PluginCredentialResponse.
/// Valid credentials will be returned, or null if the provide cannot provide credentials
/// for the given request. If the plugin returns an Abort message, an exception will be thrown to
/// fail the current request.
/// </summary>
/// <param name="uri">The uri of a web resource for which credentials are needed.</param>
/// <param name="proxy">Ignored. Proxy information will not be passed to plugins.</param>
/// <param name="type">
/// The type of credential request that is being made. Note that this implementation of
/// <see cref="ICredentialProvider"/> does not support providing proxy credenitials and treats
/// all other types the same.
/// </param>
/// <param name="isRetry">If true, credentials were previously supplied by this
/// provider for the same uri.</param>
/// <param name="message">A message provided by NuGet to show to the user when prompting.</param>
/// <param name="nonInteractive">If true, the plugin must not prompt for credentials.</param>
/// <param name="cancellationToken">A cancellation token.</param>
/// <returns>A credential object. If </returns>
public Task <CredentialResponse> GetAsync(
Uri uri,
IWebProxy proxy,
CredentialRequestType type,
string message,
bool isRetry,
bool nonInteractive,
CancellationToken cancellationToken)
{
CredentialResponse taskResponse;
if (type == CredentialRequestType.Proxy)
{
taskResponse = new CredentialResponse(CredentialStatus.ProviderNotApplicable);
return(Task.FromResult(taskResponse));
}
try
{
var request = new PluginCredentialRequest
{
Uri = uri.ToString(),
IsRetry = isRetry,
NonInteractive = nonInteractive
};
// TODO: Extend the plug protocol to pass in the credential request type.
var response = Execute(request, cancellationToken);
if (response.IsValid)
{
ICredentials result = new NetworkCredential(response.Username, response.Password);
if (response.AuthTypes != null)
{
result = new AuthTypeFilteredCredentials(result, response.AuthTypes);
}
taskResponse = new CredentialResponse(result);
}
else
{
taskResponse = new CredentialResponse(CredentialStatus.ProviderNotApplicable);
}
}
catch (OperationCanceledException)
{
throw;
}
catch (PluginException)
{
throw;
}
catch (Exception e)
{
throw PluginException.Create(Path, e);
}
return(Task.FromResult(taskResponse));
}
public Task <CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, string message, bool isRetry, bool nonInteractive, CancellationToken cancellationToken)
{
if (!string.IsNullOrEmpty(PersonalAccessToken) && !isRetry)
{
return(Task.FromResult(new CredentialResponse(new NetworkCredential(PersonalAccessToken, string.Empty))));
}
return(Task.FromResult(new CredentialResponse(CredentialStatus.UserCanceled)));
}
/// <param name="uri">The uri of a web resource for which credentials are needed.</param>
/// <param name="proxy">Ignored. Proxy information will not be passed to plugins.</param>
/// <param name="type">
/// The type of credential request that is being made. Note that this implementation of
/// <see cref="ICredentialProvider"/> does not support providing proxy credenitials and treats
/// all other types the same.
/// </param>
/// <param name="isRetry">If true, credentials were previously supplied by this
/// provider for the same uri.</param>
/// <param name="message">A message provided by NuGet to show to the user when prompting.</param>
/// <param name="nonInteractive">If true, the plugin must not prompt for credentials.</param>
/// <param name="cancellationToken">A cancellation token.</param>
/// <returns>A credential object.</returns>
public async Task <CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, string message, bool isRetry, bool nonInteractive, CancellationToken cancellationToken)
{
CredentialResponse taskResponse = null;
if (type == CredentialRequestType.Proxy || !_isAnAuthenticationPlugin)
{
taskResponse = new CredentialResponse(CredentialStatus.ProviderNotApplicable);
return(taskResponse);
}
var plugin = await _pluginManager.CreateSourceAgnosticPluginAsync(_discoveredPlugin, cancellationToken);
if (!string.IsNullOrEmpty(plugin.Message))
{
// There is a potential here for double logging as the CredentialService itself catches the exceptions and tries to log it.
// In reality the logger in the Credential Service will be null because the first request always comes from a resource provider (ServiceIndex provider)
_logger.LogError(plugin.Message);
throw new PluginException(plugin.Message); // Throwing here will block authentication and ensure that the complete operation fails
}
_isAnAuthenticationPlugin = plugin.Claims.Contains(OperationClaim.Authentication);
if (_isAnAuthenticationPlugin)
{
AddOrUpdateLogger(plugin.Plugin);
await SetPluginLogLevelAsync(plugin, _logger, cancellationToken);
if (proxy != null)
{
await SetProxyCredentialsToPlugin(uri, proxy, plugin, cancellationToken);
}
var request = new GetAuthenticationCredentialsRequest(uri, isRetry, nonInteractive);
var credentialResponse = await plugin.Plugin.Connection.SendRequestAndReceiveResponseAsync <GetAuthenticationCredentialsRequest, GetAuthenticationCredentialsResponse>(
MessageMethod.GetAuthenticationCredentials,
request,
cancellationToken);
if (credentialResponse.ResponseCode == MessageResponseCode.NotFound && nonInteractive)
{
_logger.LogWarning(
string.Format(
CultureInfo.CurrentCulture,
Resources.SecurePluginWarning_UseInteractiveOption)
);
}
taskResponse = GetAuthenticationCredentialsResponseToCredentialResponse(credentialResponse);
}
else
{
taskResponse = new CredentialResponse(CredentialStatus.ProviderNotApplicable);
}
return(taskResponse);
}
private async Task <ICredentials> PromptForCredentialsAsync(
CredentialRequestType type,
string message,
AmbientAuthenticationState authState,
ILogger log,
CancellationToken token)
{
ICredentials promptCredentials;
// Only one prompt may display at a time.
await _credentialPromptLock.WaitAsync();
try
{
// Get the proxy for this URI so we can pass it to the credentialService methods
// this lets them use the proxy if they have to hit the network.
var proxyCache = ProxyCache.Instance;
var proxy = proxyCache?.GetProxy(_packageSource.SourceUri);
promptCredentials = await _credentialService
.GetCredentialsAsync(_packageSource.SourceUri, proxy, type, message, token);
if (promptCredentials == null)
{
// If this is the case, this means none of the credential providers were able to
// handle the credential request or no credentials were available for the
// endpoint.
authState.Block();
}
else
{
authState.Increment();
}
}
catch (OperationCanceledException)
{
// This indicates a non-human cancellation.
throw;
}
catch (Exception e)
{
// If this is the case, this means there was a fatal exception when interacting
// with the credential service (or its underlying credential providers). Either way,
// block asking for credentials for the live of this operation.
log.LogError(ExceptionUtilities.DisplayMessage(e));
promptCredentials = null;
authState.Block();
}
finally
{
_credentialPromptLock.Release();
}
return(promptCredentials);
}
CredentialType GetCredentialType(CredentialRequestType type)
{
switch (type)
{
case CredentialRequestType.Proxy:
return(CredentialType.ProxyCredentials);
default:
return(CredentialType.RequestCredentials);
}
}
ICredentials GetCredentials(Uri uri, IWebProxy proxy, CredentialRequestType credentialType, bool retrying)
{
NetworkCredential credentials;
// If we are retrying, the stored credentials must be invalid.
if (!retrying && (credentialType != CredentialRequestType.Proxy) && TryGetCredentials(uri, out credentials))
{
return(credentials);
}
return(null);
}
public async Task <bool> TryUpdateCredentialsAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, CancellationToken cancellationToken)
{
// This value will cause the web proxy service to first attempt to retrieve
// credentials from its cache and fall back to prompting if necessary.
const __VsWebProxyState oldState = __VsWebProxyState.VsWebProxyState_DefaultCredentials;
// This must be run on the UI thread in case a prompt has to be shown to retrieve the credentials
await ThreadHelper.JoinableTaskFactory.SwitchToMainThreadAsync();
var result = _vsWebProxy.PrepareWebProxy(uri.OriginalString, (uint)oldState, out var newState, fOkToPrompt: 1);
return(result == 0 && newState != (uint)__VsWebProxyState.VsWebProxyState_Abort);
}
public Task <CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, string message, bool isRetry, bool nonInteractive, CancellationToken cancellationToken)
{
if (isRetry)
{
return(Task.FromResult(new CredentialResponse(CredentialStatus.UserCanceled)));
}
var credentials = _credentialManager.GetForUri(uri);
if (credentials != null)
{
return(Task.FromResult(new CredentialResponse(credentials)));
}
return(Task.FromResult(new CredentialResponse(CredentialStatus.UserCanceled)));
}
public static string GetCacheKey(Uri uri, CredentialRequestType type, ICredentialProvider provider)
{
// Note: don't cache by root uri, just remove catalog info
//var rootUri = uri.GetRootUri();
const string IndexName = "index.json";
var rootUrl = uri.ToString();
if (rootUrl.EndsWithIgnoreCase(IndexName))
{
rootUrl = rootUrl.Substring(0, rootUrl.Length - IndexName.Length);
}
return(GetUriKey(new Uri(rootUrl, UriKind.RelativeOrAbsolute), type, provider));
}
public Task <CredentialResponse> GetAsync(
Uri uri,
IWebProxy proxy,
CredentialRequestType type,
string message,
bool isRetry,
bool nonInteractive,
CancellationToken cancellationToken) =>
Task.FromResult(
new CredentialResponse(
new NetworkCredential(
"CKli",
_secretAzureKeys.Single(p => new Uri(p.Key).ToString() == uri.ToString()).Value
)
)
);
bool TryFromCredentialCache(Uri uri, CredentialRequestType type, bool isRetry, ICredentialProvider provider,
out CredentialResponse credentials)
{
credentials = null;
var key = CredentialCacheKey(uri, type, provider);
if (isRetry)
{
CredentialResponse removed;
_providerCredentialCache.TryRemove(key, out removed);
return(false);
}
return(_providerCredentialCache.TryGetValue(key, out credentials));
}
public async Task <CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, string message, bool isRetry, bool nonInteractive, CancellationToken cancellationToken)
{
if (isRetry)
{
Log.Debug($"Retrying to request credentials for '{uri}'");
}
else
{
Log.Debug($"Requesting credentials for '{uri}'");
}
bool?result = null;
var uriString = uri.ToString().ToLower();
var credentialsPrompter = new CredentialsPrompter(_configurationService)
{
Target = uriString,
AllowStoredCredentials = !isRetry && _canAccessStoredCredentials,
ShowSaveCheckBox = true,
WindowTitle = "Credentials required",
MainInstruction = "Credentials are required to access this feed",
Content = message,
IsAuthenticationRequired = true
};
result = credentialsPrompter.ShowDialog();
if (result ?? false)
{
//creating success response
Log.Debug("Successfully requested credentials for '{0}' using user '{1}'", uri, credentialsPrompter.UserName);
//creating network credentials
var nugetCredentials = new NetworkCredential(credentialsPrompter.UserName, credentialsPrompter.Password);
var response = new CredentialResponse(nugetCredentials);
return(response);
}
else
{
Log.Debug("Failed to request credentials for '{0}'", uri);
return(new CredentialResponse(CredentialStatus.UserCanceled));
}
}
/// <summary>
/// Returns <see cref="CredentialCache.DefaultNetworkCredentials"/>, or
/// <see cref="CredentialStatus.ProviderNotApplicable"/> if this is a retry
/// </summary>
/// <remarks>
/// If the flag to delay using default credentials until after plugin credential provicers run is not enabled,
/// this always returns <see cref="CredentialStatus.ProviderNotApplicable"/>.
/// </remarks>
/// <param name="uri">Ignored.</param>
/// <param name="proxy">Ignored.</param>
/// <param name="type">Ignored.</param>
/// <param name="message">Ignored.</param>
/// <param name="isRetry">
/// If true, returns <see cref="CredentialStatus.ProviderNotApplicable"/> instead of default credentials
/// </param>
/// <param name="nonInteractive">Ignored.</param>
/// <param name="cancellationToken">Ignored.</param>
public Task <CredentialResponse> GetAsync(
Uri uri,
IWebProxy proxy,
CredentialRequestType type,
string message,
bool isRetry,
bool nonInteractive,
CancellationToken cancellationToken)
{
if (isRetry)
{
return(Task.FromResult(new CredentialResponse(CredentialStatus.ProviderNotApplicable)));
}
return(Task.FromResult(
new CredentialResponse(CredentialCache.DefaultNetworkCredentials)));
}
public Task <CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, string message, bool isRetry, bool nonInteractive, CancellationToken cancellationToken)
{
if (!isRetry)
{
var nugetSettings = Settings.LoadDefaultSettings(null);
foreach (var packageSource in SettingsUtility.GetEnabledSources(nugetSettings))
{
if (packageSource.Credentials != null &&
packageSource.Credentials.IsValid() &&
packageSource.TrySourceAsUri == uri)
{
return(Task.FromResult(new CredentialResponse(packageSource.Credentials.ToICredentials())));
}
}
}
return(Task.FromResult(new CredentialResponse(CredentialStatus.UserCanceled)));
}
public Task <CredentialResponse> GetAsync(
Uri uri,
IWebProxy proxy,
CredentialRequestType type,
string message,
bool isRetry,
bool nonInteractive,
CancellationToken cancellationToken) =>
System.Threading.Tasks.Task.FromResult(
new CredentialResponse(
new NetworkCredential(
"CKli",
_ctx.InteractiveEnvironmentVariable(
_vstsFeeds.Single(p => new Uri(p.Url).ToString() == uri.ToString()).SecretKeyName
)
)
)
);
public async Task <bool> TryUpdateCredentialsAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, CancellationToken cancellationToken)
{
if (!CanUpdateCredentials)
{
return(false);
}
var updatedCredentials = await _credentialProvider.GetCredentialsAsync(uri, proxy, type, cancellationToken);
if (updatedCredentials != null)
{
_credentialsWrapper.UpdateCredentials(updatedCredentials);
return(true);
}
else
{
return(false);
}
}
private async Task <NetworkCredential> GetPackageSourceCredential(
CredentialRequestType requestType,
PackageSource packageSource,
CancellationToken cancellationToken)
{
if (packageSource.Credentials != null && packageSource.Credentials.IsValid())
{
return(new NetworkCredential(packageSource.Credentials.Username, packageSource.Credentials.Password));
}
if (_credentialService == null)
{
return(null);
}
string message;
if (requestType == CredentialRequestType.Unauthorized)
{
message = string.Format(
CultureInfo.CurrentCulture,
Strings.Http_CredentialsForUnauthorized,
packageSource.Source);
}
else
{
message = string.Format(
CultureInfo.CurrentCulture,
Strings.Http_CredentialsForForbidden,
packageSource.Source);
}
var sourceUri = packageSource.SourceUri;
var credentials = await _credentialService.GetCredentialsAsync(
sourceUri,
_proxy,
requestType,
message,
cancellationToken);
return(credentials?.GetCredential(sourceUri, authType: null));
}
/// <summary>
/// Gets an existing credential without prompting the user.
/// </summary>
CredentialResponse GetExistingCredential(Uri uri, IWebProxy proxy, CredentialRequestType type)
{
CredentialType credentialType = GetCredentialType(type);
Tuple <string, string> existing = null;
if (credentialType == CredentialType.ProxyCredentials)
{
Uri proxyUri = proxy?.GetProxy(uri);
if (proxyUri != null)
{
existing = PasswordService.GetWebUserNameAndPassword(proxyUri);
}
}
if (existing == null)
{
var rootUri = new Uri(uri.GetComponents(UriComponents.SchemeAndServer, UriFormat.SafeUnescaped));
existing =
PasswordService.GetWebUserNameAndPassword(uri) ??
PasswordService.GetWebUserNameAndPassword(rootUri);
}
if (existing != null && existing.Item1 != null && existing.Item2 != null)
{
var credentials = new NetworkCredential(existing.Item1, existing.Item2);
// For some reason even though the proxy.Credentials is assigned the
// ProxyCache.Instance the credentials are not found so they are
// explicitly set on the proxy here.
if (credentialType == CredentialType.ProxyCredentials && proxy != null)
{
proxy.Credentials = credentials;
}
return(new CredentialResponse(credentials));
}
return(new CredentialResponse(CredentialStatus.ProviderNotApplicable));
}
/// <param name="uri">The uri of a web resource for which credentials are needed.</param>
/// <param name="proxy">Ignored. Proxy information will not be passed to plugins.</param>
/// <param name="type">
/// The type of credential request that is being made. Note that this implementation of
/// <see cref="ICredentialProvider"/> does not support providing proxy credenitials and treats
/// all other types the same.
/// </param>
/// <param name="isRetry">If true, credentials were previously supplied by this
/// provider for the same uri.</param>
/// <param name="message">A message provided by NuGet to show to the user when prompting.</param>
/// <param name="nonInteractive">If true, the plugin must not prompt for credentials.</param>
/// <param name="cancellationToken">A cancellation token.</param>
/// <returns>A credential object.</returns>
public async Task <CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, string message, bool isRetry, bool nonInteractive, CancellationToken cancellationToken)
{
CredentialResponse taskResponse = null;
if (type == CredentialRequestType.Proxy || !_isAnAuthenticationPlugin)
{
taskResponse = new CredentialResponse(CredentialStatus.ProviderNotApplicable);
return(taskResponse);
}
var plugin = await _pluginManager.CreateSourceAgnosticPluginAsync(_discoveredPlugin, cancellationToken);
_isAnAuthenticationPlugin = plugin.Claims.Contains(OperationClaim.Authentication);
if (_isAnAuthenticationPlugin)
{
AddOrUpdateLogger(plugin.Plugin);
if (proxy != null)
{
await SetProxyCredentialsToPlugin(uri, proxy, plugin, cancellationToken);
}
var request = new GetAuthenticationCredentialsRequest(uri, isRetry, nonInteractive);
var credentialResponse = await plugin.Plugin.Connection.SendRequestAndReceiveResponseAsync <GetAuthenticationCredentialsRequest, GetAuthenticationCredentialsResponse>(
MessageMethod.GetAuthenticationCredentials,
request,
cancellationToken);
taskResponse = GetAuthenticationCredentialsResponseToCredentialResponse(credentialResponse);
}
else
{
taskResponse = new CredentialResponse(CredentialStatus.ProviderNotApplicable);
}
return(taskResponse);
}
public async Task <CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialRequestType type, string message, bool isRetry, bool nonInteractive, CancellationToken cancellationToken)
{
if (nonInteractive)
{
return(new CredentialResponse(CredentialStatus.ProviderNotApplicable));
}
var success = false;
NetworkCredential credential = null;
await _uiServices.BeginInvoke(() =>
{
success = _uiServices.OpenCredentialsDialog(uri.GetLeftPart(UriPartial.Authority), out credential);
});
cancellationToken.ThrowIfCancellationRequested();
if (success)
{
return(new CredentialResponse(credential));
}
return(new CredentialResponse(CredentialStatus.UserCanceled));
}
/// <summary>
/// Provides credentials for http requests.
/// </summary>
/// <param name="uri">
/// The URI of a web resource for which credentials are needed.
/// </param>
/// <param name="proxy">
/// The currently configured proxy. It may be necessary for CredentialProviders
/// to use this proxy in order to acquire credentials from their authentication source.
/// </param>
/// <param name="type">
/// The type of credential request that is being made.
/// </param>
/// <param name="message">
/// A default, user-readable message explaining why they are being prompted for credentials.
/// The credential provider can choose to ignore this value and write their own message.
/// </param>
/// <param name="cancellationToken">A cancellation token.</param>
/// <returns>A credential object, or null if no credentials could be acquired.</returns>
public async Task <ICredentials> GetCredentialsAsync(
Uri uri,
IWebProxy proxy,
CredentialRequestType type,
string message,
CancellationToken cancellationToken)
{
if (uri == null)
{
throw new ArgumentNullException(nameof(uri));
}
ICredentials creds = null;
foreach (var provider in Providers)
{
cancellationToken.ThrowIfCancellationRequested();
var retryKey = RetryCacheKey(uri, type, provider);
var isRetry = _retryCache.ContainsKey(retryKey);
try {
// This local semaphore ensures one provider active per process.
// We can consider other ways to allow more concurrency between providers, but need to
// ensure that only one interactive dialogue is ever presented at a time, and that
// providers are not writing shared resources.
// Since this service is called only when cached credentials are not available to the caller,
// such an optimization is likely not necessary.
ProviderSemaphore.WaitOne();
CredentialResponse response;
if (!TryFromCredentialCache(uri, type, isRetry, provider, out response))
{
response = await provider.GetAsync(
uri,
proxy,
type,
message,
isRetry,
_nonInteractive,
cancellationToken);
// Check that the provider gave us a valid response.
if (response == null || (response.Status != CredentialStatus.Success &&
response.Status != CredentialStatus.ProviderNotApplicable &&
response.Status != CredentialStatus.UserCanceled))
{
throw new ProviderException(GettextCatalog.GetString("Credential provider gave an invalid response."));
}
if (response.Status != CredentialStatus.UserCanceled)
{
AddToCredentialCache(uri, type, provider, response);
}
}
if (response.Status == CredentialStatus.Success)
{
_retryCache [retryKey] = true;
creds = response.Credentials;
break;
}
} finally {
ProviderSemaphore.Release();
}
}
return(creds);
}
static string GetUriKey(Uri uri, CredentialRequestType type, ICredentialProvider provider)
{
return($"{provider.Id}_{type == CredentialRequestType.Proxy}_{uri}");
}
static string CredentialCacheKey(Uri uri, CredentialRequestType type, ICredentialProvider provider)
{
var rootUri = GetRootUri(uri);
return(GetUriKey(rootUri, type, provider));
}
static string RetryCacheKey(Uri uri, CredentialRequestType type, ICredentialProvider provider)
{
return(GetUriKey(uri, type, provider));
}
void AddToCredentialCache(Uri uri, CredentialRequestType type, ICredentialProvider provider,
CredentialResponse credentials)
{
_providerCredentialCache [CredentialCacheKey(uri, type, provider)] = credentials;
}
