Add proxy credential support

[MKlimenko]

Problem: BITS wouldn't download anything from behind a typical corporate proxy

Solution: Check the URL availability and ask for proxy credentials if required.

[msftclas]

Hi @MKlimenko, I'm your friendly neighborhood Microsoft Pull Request Bot (You can call me MSBOT). Thanks for your contribution!

This seems like a small (but important) contribution, so no Contribution License Agreement is required at this point. Real humans will now evaluate your PR.

TTYL, MSBOT;

[ras0219-msft]

Thank you for figuring this out!

One key design tenant of our UX is that we want to hold the user "captive" in a sub-environment as little as possible, instead preferring to exit to the command line and provide instruction on how to restart the process in a way that will fix the problem. We believe this makes the tool more reliable in an unattended setting as well as more comfortable for command line power users.

Is there a reasonable restructuring here that would be more in line with the above?

[MKlimenko]

Hello Robert,

It looks to me the best way to achieve this, since it requires no additional software and/or command line usage. It's possible to save the credentials in some sort of configuration file, but since it requires to store confidential information (proxy password), it may be not the wisest solution.

Also I'd like to mention that this fix in no way affects users with no proxy.

[ras0219-msft]

Related: #702 #252

[ras0219-msft]

Ok, that makes sense.

The one remaining issue then is how this can be used in an unattended setting, like on a build cluster.

The obvious way this could work (afaict) would be that the user calls

$PSDefaultParameterValues.Add("Start-BitsTransfer:ProxyAuthentication","Basic") 
$PSDefaultParameterValues.Add("Start-BitsTransfer:ProxyCredential",$ProxyCred) 

inside their powershell session before running bootstrap.ps1. It's not clear to me whether this will work in that scenario -- will the condition !$WC.Proxy.IsBypassed($url) be correctly affected?

[MKlimenko]

There is a way to pass the proxy credentials without a pop up window:

$password = ConvertTo-SecureString "Password_here" -AsPlainText -Force
$proxy_credentials = New-Object System.Management.Automation.PSCredential ("username", $password)

For example, $proxy_credentials may be declared in the bootstrap.ps1 file and will be visible from all the called scripts. The problem is that the password is being stored as a plain text (which is not secure) and it requires to modify the bootstrap.ps1 (not user-friendly).

There is another way, when both login and password are being passed as a command line arguments to the bootstrap.ps1. If those arguments are present, we create a PSCredential object. Then, inside the fetchDependency.ps1, after the proxy check ($ProxyAuth = !$WC.Proxy.IsBypassed($url)), check if $proxy_credentials is empty, if it is, pop up a window. Use existing credentials otherwise.

[ras0219-msft]

There is another way, when both login and password are being passed as a command line arguments to the bootstrap.ps1. If those arguments are present, we create a PSCredential object. Then, inside the fetchDependency.ps1, after the proxy check ($ProxyAuth = !$WC.Proxy.IsBypassed($url)), check if $proxy_credentials is empty, if it is, pop up a window. Use existing credentials otherwise.

Since powershell is OO, we could accept the PSCredential object directly, avoiding any use of plaintext passwords.

[martin-s]

You should save the credentials to the webclient at the end:
$WC.Proxy.Credentials = $ProxyCred