[dotnet-svcutil] add opt-in default credentials option

src/dotnet-svcutil/lib/src/CmdCredentialsProvider.cs

@@ -45,6 +45,10 @@ private void ShowAuthenticationConsent()
                 _authMessageShown = true;
 
                 Console.WriteLine();
+                if (!UseDefaultCredentials)
+                {
+                    Console.WriteLine(SR.HintUseDefaultCredentials);
+                }
                 Console.WriteLine(SR.WrnUserBasicCredentialsInClearText);
                 PromptEnterOrEscape(throwOnEscape: true);
             }
@@ -69,6 +73,7 @@ private X509Certificate2Collection Certificates
         }
 
         internal bool AcceptCert { get; set; }
+        internal bool UseDefaultCredentials { get; set; }
 
         public X509Certificate2Collection GetCertificates()
         {
@@ -237,7 +242,7 @@ private bool PromptUserOnInvalidCert(X509Certificate cert, SslPolicyErrors sslPo
 
         public object Clone()
         {
-            return new CmdCredentialsProvider() { AcceptCert = AcceptCert };            
+            return new CmdCredentialsProvider() { AcceptCert = AcceptCert, UseDefaultCredentials = UseDefaultCredentials };            
         }
 
         #endregion

src/dotnet-svcutil/lib/src/CommandProcessorOptions.cs

@@ -59,7 +59,7 @@ public bool NoTypeReuse
         internal const string WCFCSParamsFileName = "ConnectedService.json";
         internal const string BaseServiceReferenceName = "ServiceReference";
 
-        private static readonly List<string> s_cmdLineOverwriteSwitches = new List<string> { Switches.NoLogo.Name, Switches.Verbosity.Name, Switches.ToolContext.Name, Switches.ProjectFile.Name, Switches.AcceptCertificate.Name, Switches.ServiceContract.Name, Switches.Language.Name };
+        private static readonly List<string> s_cmdLineOverwriteSwitches = new List<string> { Switches.NoLogo.Name, Switches.Verbosity.Name, Switches.ToolContext.Name, Switches.ProjectFile.Name, Switches.AcceptCertificate.Name, Switches.UseDefaultCredentials.Name, Switches.ServiceContract.Name, Switches.Language.Name };
 
         internal class CommandSwitches
         {
@@ -93,6 +93,7 @@ internal class CommandSwitches
             public readonly CommandSwitch Verbosity = new CommandSwitch(VerbosityKey, "v", SwitchType.SingletonValue);
             public readonly CommandSwitch Wrapped = new CommandSwitch(WrappedKey, "wr", SwitchType.Flag);
             public readonly CommandSwitch AcceptCertificate = new CommandSwitch(AccecptCertificateKey, "ac", SwitchType.Flag);
+            public readonly CommandSwitch UseDefaultCredentials = new CommandSwitch(UseDefaultCredentialsKey, "udc", SwitchType.Flag);
             public readonly CommandSwitch ServiceContract = new CommandSwitch(ServiceContractKey, "sc", SwitchType.Flag);
             public readonly CommandSwitch Language = new CommandSwitch(LanguageKey, "l", SwitchType.SingletonValue, OperationalContext.Global);
 
@@ -273,6 +274,11 @@ internal async Task ProcessBasicOptionsAsync(ILogger logger, CancellationToken c
                 this.AcceptCert = false;
             }
 
+            if (!this.UseDefaultCredentials.HasValue)
+            {
+                this.UseDefaultCredentials = false;
+            }
+
             if (!this.ServiceContract.HasValue)
             {
                 this.ServiceContract = false;

src/dotnet-svcutil/lib/src/HelpGenerator.cs

@@ -71,6 +71,7 @@ private static void WriteCodeGenerationHelp()
                     ArgumentInfo.CreateParameterHelpInfo(CommandProcessorOptions.Switches.RuntimeIdentifier.Name, SR.ParametersRuntimeIdentifier,                   string.Format(SR.HelpRuntimeIdentifierFormat, CommandProcessorOptions.Switches.RuntimeIdentifier.Abbreviation)),
                     ArgumentInfo.CreateParameterHelpInfo(CommandProcessorOptions.Switches.TargetFramework.Name,   SR.ParametersTargetFramework,                     string.Format(SR.HelpTargetFrameworkFormat, CommandProcessorOptions.Switches.TargetFramework.Abbreviation)),
                     ArgumentInfo.CreateFlagHelpInfo(     CommandProcessorOptions.Switches.AcceptCertificate.Name,                                                   string.Format(SR.HelpAcceptCertificateFormat, CommandProcessorOptions.Switches.AcceptCertificate.Abbreviation)),
+                    ArgumentInfo.CreateFlagHelpInfo(     CommandProcessorOptions.Switches.UseDefaultCredentials.Name,                                                string.Format(SR.HelpUseDefaultCredentialsFormat, CommandProcessorOptions.Switches.UseDefaultCredentials.Abbreviation)),
                     ArgumentInfo.CreateFlagHelpInfo(     CommandProcessorOptions.Switches.ServiceContract.Name,                                                     string.Format(SR.HelpServiceContractFormat, CommandProcessorOptions.Switches.ServiceContract.Abbreviation)),
                     ArgumentInfo.CreateFlagHelpInfo(     CommandProcessorOptions.Switches.Language.Name,                                                            string.Format(SR.HelpLanguage, CommandProcessorOptions.Switches.Language.Abbreviation))
                 }

src/dotnet-svcutil/lib/src/Metadata/MetadaExchangeResolver.cs

@@ -49,6 +49,8 @@ private MetadataExchangeResolver(Binding binding) : base(binding)
 
         public IServerCertificateValidationProvider ServerCertificateValidationProvider { get; private set; }
 
+        public bool UseDefaultCredentials { get; private set; }
+
         public bool HasServiceMetadata
         {
             get
@@ -63,6 +65,16 @@ public static MetadataExchangeResolver Create(
             IHttpCredentialsProvider userCredentialsProvider,
             IClientCertificateProvider clientCertificatesProvider,
             IServerCertificateValidationProvider serverCertificateValidationProvider)
+        {
+            return Create(endpointAddress, userCredentialsProvider, clientCertificatesProvider, serverCertificateValidationProvider, useDefaultCredentials: false);
+        }
+
+        public static MetadataExchangeResolver Create(
+            EndpointAddress endpointAddress,
+            IHttpCredentialsProvider userCredentialsProvider,
+            IClientCertificateProvider clientCertificatesProvider,
+            IServerCertificateValidationProvider serverCertificateValidationProvider,
+            bool useDefaultCredentials)
         {
             if (endpointAddress == null)
             {
@@ -75,10 +87,14 @@ public static MetadataExchangeResolver Create(
             resolver.HttpCredentialsProvider = userCredentialsProvider;
             resolver.ClientCertificatesProvider = clientCertificatesProvider;
             resolver.ServerCertificateValidationProvider = serverCertificateValidationProvider;
+            resolver.UseDefaultCredentials = useDefaultCredentials;
             resolver.OperationTimeout = TimeSpan.MaxValue;
             resolver.ResolveMetadataReferences = true;
             resolver.MaximumResolvedReferences = MaximumResolvedReferencesDefault;
-            resolver.HttpCredentials = System.Net.CredentialCache.DefaultCredentials;
+            if (useDefaultCredentials)
+            {
+                resolver.HttpCredentials = System.Net.CredentialCache.DefaultCredentials;
+            }
 
             return resolver;
         }
@@ -221,7 +237,7 @@ private async Task<bool> ResolveMetadataAsync(Uri serviceUri, MetadataExchangeCl
 
         private async Task<bool> ResolveMetadataAsync(Stream stream, string baseUri, CancellationToken cancellationToken)
         {
-            var loader = new MetadataDocumentLoader(baseUri, this.HttpCredentialsProvider, this.ClientCertificatesProvider, this.ServerCertificateValidationProvider);
+            var loader = new MetadataDocumentLoader(baseUri, this.HttpCredentialsProvider, this.ClientCertificatesProvider, this.ServerCertificateValidationProvider, UseDefaultCredentials);
 
             try
             {
@@ -350,6 +366,10 @@ internal protected override HttpWebRequest GetWebRequest(Uri location, string di
             {
                 request.Credentials = _userCredentials;
             }
+            else if (UseDefaultCredentials)
+            {
+                request.Credentials = CredentialCache.DefaultCredentials;
+            }
 
 #if !NETCORE10
             if (_clientCertificate != null)

src/dotnet-svcutil/lib/src/Metadata/MetadataDocumentLoader.cs

@@ -39,6 +39,7 @@ public enum LoadState
         private readonly IHttpCredentialsProvider _httpCredentialsProvider;
         private readonly IClientCertificateProvider _clientCertificatesProvider;
         private readonly IServerCertificateValidationProvider _serverCertificateValidationProvider;
+        private readonly bool _useDefaultCredentials;
 
         private int? _hashCode;
         private readonly bool _resolveExternalDocs;
@@ -82,10 +83,16 @@ public enum LoadState
         /// <param name="clientCertificatesProvider"></param>
         /// <param name="serverCertificateValidationProvider"></param>
         public MetadataDocumentLoader(string uri, IHttpCredentialsProvider httpCredentialsProvider, IClientCertificateProvider clientCertificatesProvider, IServerCertificateValidationProvider serverCertificateValidationProvider)
+            : this(uri, httpCredentialsProvider, clientCertificatesProvider, serverCertificateValidationProvider, useDefaultCredentials: false)
+        {
+        }
+
+        public MetadataDocumentLoader(string uri, IHttpCredentialsProvider httpCredentialsProvider, IClientCertificateProvider clientCertificatesProvider, IServerCertificateValidationProvider serverCertificateValidationProvider, bool useDefaultCredentials)
         {
             _httpCredentialsProvider = httpCredentialsProvider;
             _clientCertificatesProvider = clientCertificatesProvider;
             _serverCertificateValidationProvider = serverCertificateValidationProvider;
+            _useDefaultCredentials = useDefaultCredentials;
 
             if (string.IsNullOrEmpty(uri))
             {
@@ -122,10 +129,16 @@ public MetadataDocumentLoader(string uri, IHttpCredentialsProvider httpCredentia
         /// <param name="clientCertificatesProvider"></param>
         /// <param name="serverCertificateValidationProvider"></param>
         public MetadataDocumentLoader(IEnumerable<string> metadataFiles, bool resolveExternalDocuments, IHttpCredentialsProvider httpCredentialsProvider, IClientCertificateProvider clientCertificatesProvider, IServerCertificateValidationProvider serverCertificateValidationProvider)
+            : this(metadataFiles, resolveExternalDocuments, httpCredentialsProvider, clientCertificatesProvider, serverCertificateValidationProvider, useDefaultCredentials: false)
+        {
+        }
+
+        public MetadataDocumentLoader(IEnumerable<string> metadataFiles, bool resolveExternalDocuments, IHttpCredentialsProvider httpCredentialsProvider, IClientCertificateProvider clientCertificatesProvider, IServerCertificateValidationProvider serverCertificateValidationProvider, bool useDefaultCredentials)
         {
             _httpCredentialsProvider = httpCredentialsProvider;
             _clientCertificatesProvider = clientCertificatesProvider;
             _serverCertificateValidationProvider = serverCertificateValidationProvider;
+            _useDefaultCredentials = useDefaultCredentials;
 
             if (metadataFiles == null)
             {
@@ -234,7 +247,8 @@ private async Task LoadAsync(string uri, string baseUrl, string basePath, Cancel
                             new EndpointAddress(serviceUri),
                             _httpCredentialsProvider?.Clone() as IHttpCredentialsProvider,
                             _clientCertificatesProvider?.Clone() as IClientCertificateProvider,
-                            _serverCertificateValidationProvider?.Clone() as IServerCertificateValidationProvider);
+                            _serverCertificateValidationProvider?.Clone() as IServerCertificateValidationProvider,
+                            _useDefaultCredentials);
 
                         var metadataSections = await metadataExchangeResolver.ResolveMetadataAsync(cancellationToken).ConfigureAwait(false);
                         _metadataSections.AddRange(metadataSections);
@@ -430,7 +444,7 @@ private async Task LoadAsEPRAsync(XmlNS.XmlReader reader, CancellationToken canc
             {
                 EndpointAddress epr = await AsyncHelper.RunAsync(() => EndpointAddress.ReadFrom(dictionaryReader), cancellationToken).ConfigureAwait(false);
 
-                MetadataExchangeResolver resolver = MetadataExchangeResolver.Create(epr, null, null, null);
+                MetadataExchangeResolver resolver = MetadataExchangeResolver.Create(epr, null, null, null, _useDefaultCredentials);
                 IEnumerable<MetadataSection> resolvedMetadata = await resolver.ResolveMetadataAsync(cancellationToken).ConfigureAwait(false);
                 _metadataSections.AddRange(resolvedMetadata);
             }
@@ -566,7 +580,8 @@ private async Task<Stream> DownloadSchemaImportAsync(Uri schemaUri, Cancellation
                                 new EndpointAddress(schemaUri),
                                 _httpCredentialsProvider?.Clone() as IHttpCredentialsProvider,
                                 _clientCertificatesProvider?.Clone() as IClientCertificateProvider,
-                                _serverCertificateValidationProvider?.Clone() as IServerCertificateValidationProvider);
+                                _serverCertificateValidationProvider?.Clone() as IServerCertificateValidationProvider,
+                                _useDefaultCredentials);
 
             return await metadataExchangeResolver.DownloadMetadataFileAsync(cancellationToken).ConfigureAwait(false);
         }

src/dotnet-svcutil/lib/src/Metadata/ServiceDescriptor.cs

@@ -31,26 +31,46 @@ internal ServiceDescriptor(
             IHttpCredentialsProvider userCredentialsProvider,
             IClientCertificateProvider clientCertificateProvider,
             IServerCertificateValidationProvider serverCertificateValidationProvider)
+            : this(serviceUri, userCredentialsProvider, clientCertificateProvider, serverCertificateValidationProvider, useDefaultCredentials: false)
+        {
+        }
+
+        internal ServiceDescriptor(
+            string serviceUri,
+            IHttpCredentialsProvider userCredentialsProvider,
+            IClientCertificateProvider clientCertificateProvider,
+            IServerCertificateValidationProvider serverCertificateValidationProvider,
+            bool useDefaultCredentials)
         {
             if (string.IsNullOrWhiteSpace(serviceUri))
             {
                 throw new ArgumentException(nameof(serviceUri));
             }
 
-            this.metadataDocumentLoader = new MetadataDocumentLoader(serviceUri, userCredentialsProvider, clientCertificateProvider, serverCertificateValidationProvider);
+            this.metadataDocumentLoader = new MetadataDocumentLoader(serviceUri, userCredentialsProvider, clientCertificateProvider, serverCertificateValidationProvider, useDefaultCredentials);
         }
         internal ServiceDescriptor(
            List<string> metadataFiles,
            IHttpCredentialsProvider userCredentialsProvider,
            IClientCertificateProvider clientCertificateProvider,
            IServerCertificateValidationProvider serverCertificateValidationProvider)
+            : this(metadataFiles, userCredentialsProvider, clientCertificateProvider, serverCertificateValidationProvider, useDefaultCredentials: false)
+        {
+        }
+
+        internal ServiceDescriptor(
+           List<string> metadataFiles,
+           IHttpCredentialsProvider userCredentialsProvider,
+           IClientCertificateProvider clientCertificateProvider,
+           IServerCertificateValidationProvider serverCertificateValidationProvider,
+           bool useDefaultCredentials)
         {
             if (metadataFiles == null)
             {
                 throw new ArgumentException(nameof(metadataFiles));
             }
 
-            this.metadataDocumentLoader = new MetadataDocumentLoader(metadataFiles, false, userCredentialsProvider, clientCertificateProvider, serverCertificateValidationProvider);
+            this.metadataDocumentLoader = new MetadataDocumentLoader(metadataFiles, false, userCredentialsProvider, clientCertificateProvider, serverCertificateValidationProvider, useDefaultCredentials);
         }
 
         internal ServiceDescriptor(MetadataDocumentLoader metadataDocumentLoader)

src/dotnet-svcutil/lib/src/SR.resx

@@ -622,6 +622,12 @@ Your credentials will be sent to the server in clear text.</value>
   <data name="HelpAcceptCertificateFormat" xml:space="preserve">
     <value>Accept remote certificate as trusted when downloading service metadata. (Short Form: -{0})</value>
   </data>
+  <data name="HelpUseDefaultCredentialsFormat" xml:space="preserve">
+    <value>Use default system credentials when downloading service metadata. Only use with trusted endpoints. (Short Form: -{0})</value>
+  </data>
+  <data name="HintUseDefaultCredentials" xml:space="preserve">
+    <value>Note: You can also use --useDefaultCredentials (-udc) to use system credentials instead of entering them manually.</value>
+  </data>
   <data name="HelpServiceContractFormat" xml:space="preserve">
     <value>Generate code for Service Contracts. Client class will not be generated. (Short Form: -{0})</value>
   </data>

src/dotnet-svcutil/lib/src/Shared/Options/SvcutilOptions.cs

@@ -24,6 +24,7 @@ internal class SvcutilOptions : UpdateOptions
         public const string ToolContextKey = "toolContext";
         public const string VerbosityKey = "verbosity";
         public const string AccecptCertificateKey = "acceptCertificate";
+        public const string UseDefaultCredentialsKey = "useDefaultCredentials";
         public const string ServiceContractKey = "serviceContract";
         #endregion
 
@@ -41,6 +42,7 @@ internal class SvcutilOptions : UpdateOptions
         public OperationalContext? ToolContext { get { return GetValue<OperationalContext?>(ToolContextKey); } set { SetValue(ToolContextKey, value); } }
         public Verbosity? Verbosity { get { return GetValue<Verbosity?>(VerbosityKey); } set { SetValue(VerbosityKey, value); } }
         public bool? AcceptCert { get { return GetValue<bool?>(AccecptCertificateKey); } set { SetValue(AccecptCertificateKey, value); } }
+        public bool? UseDefaultCredentials { get { return GetValue<bool?>(UseDefaultCredentialsKey); } set { SetValue(UseDefaultCredentialsKey, value); } }
         public bool? ServiceContract { get { return GetValue<bool?>(ServiceContractKey); } set { SetValue(ServiceContractKey, value); } }
         #endregion
 
@@ -60,6 +62,7 @@ public SvcutilOptions()
                 new SingleValueOption<OperationalContext>(ToolContextKey),
                 new SingleValueOption<Verbosity>(VerbosityKey) { DefaultValue = Svcutil.Verbosity.Normal },
                 new SingleValueOption<bool>(AccecptCertificateKey),
+                new SingleValueOption<bool>(UseDefaultCredentialsKey),
                 new SingleValueOption<bool>(ServiceContractKey));
         }
 

src/dotnet-svcutil/lib/src/Tool.cs

@@ -200,10 +200,11 @@ internal static async Task<ToolExitCode> RunAsync(CommandProcessorOptions option
             ImportModule importModule = null;
             var credsProvider = new CmdCredentialsProvider();
             credsProvider.AcceptCert = options.AcceptCert.Value;
+            credsProvider.UseDefaultCredentials = options.UseDefaultCredentials.Value;
 
             ServiceDescriptor serviceDescriptor = options.Inputs.Count == 1 ?
-                new ServiceDescriptor(options.Inputs[0].ToString(), credsProvider, credsProvider, credsProvider) :
-                new ServiceDescriptor(options.Inputs.Select(i => i.ToString()).ToList(), credsProvider, credsProvider, credsProvider);
+                new ServiceDescriptor(options.Inputs[0].ToString(), credsProvider, credsProvider, credsProvider, options.UseDefaultCredentials.Value) :
+                new ServiceDescriptor(options.Inputs.Select(i => i.ToString()).ToList(), credsProvider, credsProvider, credsProvider, options.UseDefaultCredentials.Value);
 
             // When in Infrastructure mode (WCF CS) it is assumed the metadata docs have been downloaded and passed in as wsdl files.
             if (options.ToolContext != OperationalContext.Infrastructure)