In some scenarios, activation requests submitted to the Software Potential Activation Service by the SpAgent runtime may need to traverse an authenticating proxy. We are aware of some issues with our current SpAgent runtime proxy handling that cause customers problems when attempting to activate a license.
To address these issues, with release of SpAgent v4.0.2017 we have introduced a new ProxyConfiguration policy that controls authenticating proxy handling behavior for activation requests.
Current Behavior
In SpAgent v4.0.2016 and older, if the runtime detects that the Activation Service URI is proxied it automatically sets the proxy on the activation request to use the DefaultCredentials of the user running the application. Typically, these are the network credentials used to authenticate the user on the machine. The newly assigned proxy overrides the default proxy set on the activation request by the application in code or by configuration and it is not possible to override this proxy set by SpAgent. This approach can cause problems where either:
- the application is run by a non-interactive account that does not have network credentials e.g. a service running under NETWORK SERVICE or LOCAL SYSTEM or
- the proxy is not configured to use network credentials e.g. uses an internal user repository for basic authentication.
New Behavior
With the release of SpAgent 4.0.2017, a new ProxyConfigurationPolicy dictates proxy behavior when requests to the Activation Service must pass through an authenticating proxy. The default policy is to do nothing and to leave unchanged any default proxy assigned on the activation request at machine or application level. It is, however, possible to create a policy that overrides the default proxy and adds a proxy with appropriate credentials to the activation request.
NOTE: This new behavior is not supported in SpAgent when developing NETSTANDARD or NETCOREAPP applications.
Setting Proxy Configuration Policy
The proxy configuration policy is set via the fluent configuration API in Sp.Product.Customisations.cs:
static partial void ConfigureProduct( IProductContext productContext ) { productContext.Configure( configure => configure .Activation.Customize( activation => activation .WithTagging( AddActivationTags ) .WithTransmission( activationTransmission => activationTransmission .WithRetryPolicyDefault() .WithEndpointSelectionPolicyDefault() .BeforeEachAttempt( WhenActivating ) .WithProxyConfigurationPolicy( SetProxyConfigurationPolicy ) .CompleteWithDefaults() ) .WithDeviceLabelPolicy( SetDeviceLabelPolicy ) .CompleteWithDefaults() ) .CompleteWithDefaults() ); }
SetProxyConfigurationPolicy
The policy is set in SetProxyConfigurationPolicy()
method in Sp.Product.Customisations.cs:
/// <summary> /// <param name = "activationEndpoint"> /// <para>The Activation service endpoint to which activation requests are submitted.</para> /// </param> /// Use this method to explicitly set a proxy that overrides the current proxy on the Activation request. /// Returns null by default so as not to override the current proxy on the Activation request.. /// </summary> /// <example> /// In full framework runtime versions prior to 4.0.2016 the activation service would attempt to /// detect the default proxy for the activation endpoint and configure it to use default credentials. /// This can be achieved as follows: /// <code> /// static IWebProxy SetProxyConfigurationPolicy( Uri activationEndpoint ) /// { /// var proxiedAddress = WebRequest.DefaultWebProxy.GetProxy( activationEndpoint ); /// if ( !activationEndpoint.Equals( proxiedAddress ) ) /// return new WebProxy( proxiedAddress ) { UseDefaultCredentials = true }; /// return null;
/// } /// </code> /// </example>static IWebProxy SetProxyConfigurationPolicy( Uri activationEndpoint ) { { return null; }
Policy Options
No Action
To leave the default proxy unchanged on the activation request, this method should NOT be modified i.e. it should return NULL.
Add Proxy with UseDefaultCredentials = True
To add a new proxy to the activation request with UseDefaultCredentials set to True:
static IWebProxy SetProxyConfigurationPolicy( Uri activationEndpoint ) { var proxyAddress = GetProxyAddressForActivationService( activationEndpoint ); return new WebProxy( proxyAddress ) { UseDefaultCredentials = true }; }
You will need to implement a method to retrieve the proxy address from within your application e.g. from an application configuration setting.
Instead of setting the proxy address explicitly in your application, you can detect the address of the default proxy and use that address in new proxy:
static IWebProxy SetProxyConfigurationPolicy( Uri activationEndpoint ) { var proxiedAddress = WebRequest.DefaultWebProxy.GetProxy( activationEndpoint ); if ( !activationEndpoint.Equals( proxiedAddress ) ) return new WebProxy( proxiedAddress ) { UseDefaultCredentials = true }; return null; }
Adding a proxy with the address of the default proxy and with UseDefaultCredentials set to True is the default behavior in SpAgent releases prior to 4.0.2017.
Add Proxy with User Credentials
To set a proxy with specific user credentials:
static IWebProxy SetProxyConfigurationPolicy( Uri activationEndpoint ) { var proxiedAddress = WebRequest.DefaultWebProxy.GetProxy( activationEndpoint ); if ( !activationEndpoint.Equals( proxiedAddress ) ) return new WebProxy( proxiedAddress ) { UseDefaultCredentials = false, Credentials = new NetworkCredential("johndoe", "johndoepassword") }; return null; }
Comments
0 comments
Article is closed for comments.