CodeSOD: Providing Authentication

Paulette's team had built a wrapper method around the C# authentication APIs that acted as a convenience function. Called GetAuthenticationProvider, it accepted two parameters. The first, a string, could be used to look up the provider's type in a lookup table. The second was a boolean, which indicated whether it should be a local authentication provider or an external provider (e.g., OAuth). At least, that's what the documentation says.

The function would find and/or construct the correct type of provider, and return it. They all shared an interface, so this all should work just fine.

But Paulette was left trying to understand the reasoning that led to this line:

return GetAuthenticationProvider(string.Empty, false).GetType() == GetAuthenticationProvider(string.Empty, true).GetType();

This fetches a local provider and an external provider, and compares their types. Which will not be the same, since they are intentionally not the same type. The line is equivalent to return false, but is doing more for some reason.

Why? No idea. Or, to put it in Paulette's more colorful description:

Real simple line of code, which always works in the same consistent way. It makes a lot of sense for everyone.
In the left corner, supposedly obtaining local authentication provider.
In the right corner, supposedly obtaining external authentication provider.
Rest is history.

The "supposedly" is a hint that perhaps the method doesn't work as its documentation suggests. Or maybe it does do as the documentation suggests. Or maybe it just does what the documentation suggests it should sometimes. It's a mystery.


This post originally appeared on The Daily WTF.
