-
Notifications
You must be signed in to change notification settings - Fork 604
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passwords With percent sign causes Authentication Error in GitAuthorizeAttribute #704
Comments
Thanks for this - I think you're right and there's no reason for those The calls got added before my time, and as part of a large modification by someone who's no longer involved, so I'm not really sure of their history. If you concur that they're a completely unnecessary mistake we'll remove them. |
Same issue for me, but with question mark (?) in the password. (AD integration) |
If a user's password contains a percent sign, the
GitAuthorizeAttribute.IsUserAuthorized()
method will incorrectly decode the password which always results in an Authentication failure. This is due to the use ofUri.UnescapeDataString()
to extract the password out of the decoded auth header value.For example,
Password%4299
would be decoded toPasswordB99
before the authentication attempt.This is with the following config options:
<add key="AuthenticationProvider" value="Cookies" />
<add key="MembershipService" value="Internal" />
The text was updated successfully, but these errors were encountered: