From 5dd8aeef201ba14eb02a8039b38b1701be10dd1d Mon Sep 17 00:00:00 2001 From: Hector Grebbell Date: Wed, 18 Jul 2018 21:31:43 +0100 Subject: [PATCH 1/2] Expose HttpWebRequest.UnsafeAuthenticatedConnectionSharing on Core/ExchangeServiceBase.cs. By default a new connection is used per authenticated request. Exposing UnsafeAuthenticatedConnectionSharing allows callers aware of the security considerations to opt in to connection reuse. --- Core/EwsHttpWebRequest.cs | 9 +++++++++ Core/ExchangeServiceBase.cs | 17 +++++++++++++++++ Interfaces/IEwsHttpWebRequest.cs | 8 ++++++++ 3 files changed, 34 insertions(+) diff --git a/Core/EwsHttpWebRequest.cs b/Core/EwsHttpWebRequest.cs index dc5705b4..d07a17bc 100644 --- a/Core/EwsHttpWebRequest.cs +++ b/Core/EwsHttpWebRequest.cs @@ -284,6 +284,15 @@ public bool KeepAlive set { this.request.KeepAlive = value; } } + /// + /// Gets or sets a value that indicates whether to allow high-speed NTLM-authenticated connection sharing. + /// + public bool UnsafeAuthenticatedConnectionSharing + { + get { return this.request.UnsafeAuthenticatedConnectionSharing; } + set { this.request.UnsafeAuthenticatedConnectionSharing = value; } + } + /// /// Gets or sets the name of the connection group for the request. /// diff --git a/Core/ExchangeServiceBase.cs b/Core/ExchangeServiceBase.cs index da3303a8..cd1dd080 100644 --- a/Core/ExchangeServiceBase.cs +++ b/Core/ExchangeServiceBase.cs @@ -81,6 +81,7 @@ public abstract class ExchangeServiceBase private string userAgent = ExchangeService.defaultUserAgent; private bool acceptGzipEncoding = true; private bool keepAlive = true; + private bool unsafeAuthenticatedConnectionSharing = false; private string connectionGroupName; private string clientRequestId; private bool returnClientRequestId; @@ -823,6 +824,22 @@ public bool KeepAlive } } + /// + /// Gets or sets a value that indicates whether to allow high-speed NTLM-authenticated connection sharing. + /// + public bool UnsafeAuthenticatedConnectionSharing + { + get + { + return this.unsafeAuthenticatedConnectionSharing; + } + + set + { + this.unsafeAuthenticatedConnectionSharing = value; + } + } + /// /// Gets or sets the name of the connection group for the request. /// diff --git a/Interfaces/IEwsHttpWebRequest.cs b/Interfaces/IEwsHttpWebRequest.cs index caa2df6e..8bca4d35 100644 --- a/Interfaces/IEwsHttpWebRequest.cs +++ b/Interfaces/IEwsHttpWebRequest.cs @@ -228,6 +228,14 @@ bool KeepAlive get; set; } + /// + /// Gets or sets a value that indicates whether to allow high-speed NTLM-authenticated connection sharing. + /// + bool UnsafeAuthenticatedConnectionSharing + { + get; set; + } + /// /// Gets or sets the name of the connection group for the request. /// From d5ee0458ba173d6d9ccf7cdc5c9b1d6d9875ed5c Mon Sep 17 00:00:00 2001 From: hectorgrebbell Date: Thu, 19 Jul 2018 10:42:31 +0100 Subject: [PATCH 2/2] Expose unsafeAuthenticatedConnectionSharing bug In original commit missed setting on request and service clone due to editing from Linux machine without ability to build or test. --- Core/ExchangeServiceBase.cs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Core/ExchangeServiceBase.cs b/Core/ExchangeServiceBase.cs index cd1dd080..95f2e6fe 100644 --- a/Core/ExchangeServiceBase.cs +++ b/Core/ExchangeServiceBase.cs @@ -147,6 +147,7 @@ internal IEwsHttpWebRequest PrepareHttpWebRequestForUrl( request.AllowAutoRedirect = allowAutoRedirect; request.CookieContainer = this.CookieContainer; request.KeepAlive = this.keepAlive; + request.UnsafeAuthenticatedConnectionSharing = this.unsafeAuthenticatedConnectionSharing ; request.ConnectionGroupName = this.connectionGroupName; if (acceptGzipEncoding) @@ -546,6 +547,7 @@ internal ExchangeServiceBase(ExchangeServiceBase service, ExchangeVersion reques this.userAgent = service.userAgent; this.acceptGzipEncoding = service.acceptGzipEncoding; this.keepAlive = service.keepAlive; + this.unsafeAuthenticatedConnectionSharing = service.unsafeAuthenticatedConnectionSharing ; this.connectionGroupName = service.connectionGroupName; this.timeZone = service.timeZone; this.httpHeaders = service.httpHeaders; @@ -942,4 +944,4 @@ internal IEwsHttpWebRequestFactory HttpWebRequestFactory #endregion } -} \ No newline at end of file +}