Web Reference with Basic Authentication fails

I have a web service created using Apache CXF, and two .NET clients using Web References (not Service References). The compact framework client works, but the .NET 4.0 desktop client only works when talking to localhost. Here's the client setup:

        var client = new Permission.Permission();
        client.Credentials = new NetworkCredential(username, password);
        client.PreAuthenticate = true;
        client.Url = url + "/Permission";

If url is http://localhost:8080/ the call succeeds, but if it is http://127.0.0.1:8080 the call fails with an error 401. For some reason the generated client code stops at the 401 response, and does not send the username and password.

Edit: I've found the culprit, but I don't know the final answer. Visual Studio has inserted this section into the app.config file:

<applicationSettings>
    <MyService.Properties.Settings>
        <setting name="MyService_Permission_Permission" serializeAs="String">
            <value>http://localhost:8080/api/Permission</value>
        </setting>
    </MyService.Properties.Settings>
</applicationSettings>

The authentication works if I change the app.config to match the required URL. So my key question is: how does my code command the generated client to switch to a different instance of th开发者_开发问答e web service, without editing app.config and restarting?

For further background, when I move the service code to another machine Wireshark shows the following sequence:

1. Service to client:

    HTTP/1.1 100 Continue\r\n
   

2. Client to Service:

    POST /api/Permission HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.225)
    VsDebuggerCausalityData: uIDPo8B4pxEyITVOlb6i18R2juMAAAAACwClY0YyykuVhoiZKG7oEPZ1kukkB6NLnxx6RVnHjT8ACQAA
    Content-Type: text/xml; charset=utf-8
    SOAPAction: ""
    Host: xxxxxx:8080
    Content-Length: 307
    Expect: 100-continue
   

3. Service to Client:

    HTTP/1.1 401 Unauthorized
    Content-Length: 0
    content-type: text/xml; charset=utf-8
    Expect: 100-continue
    Host: xxx:8080
    SOAPAction: ""
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.225)
    VsDebuggerCausalityData: uIDPo8B4pxEyITVOlb6i18R2juMAAAAACwClY0YyykuVhoiZKG7oEPZ1kukkB6NLnxx6RVnHjT8ACQAA
    WWW-Authenticate: Basic realm=realm
    Server: Jetty(6.1.25)
   

4. At the point the client should repeat the POST with basic authentication header added, but instead it stops.

I've tracked down the answer. The hostname localhost is magic in a Web Reference. Inside the generated code lives this function:

    private bool IsLocalFileSystemWebService(string url) {
        if (((url == null) 
                    || (url == string.Empty))) {
            return false;
        }
        System.Uri wsUri = new System.Uri(url);
        if (((wsUri.Port >= 1024) 
                    && (string.Compare(wsUri.Host, "localHost", System.StringComparison.OrdinalIgnoreCase) == 0))) {
            return true;
        }
        return false;
    }
}

By changing my app.config to default to 127.0.0.1, I bypass the special behaviour for authentication of local web services.

The moral of this story: don't use localhost in the URL when developing a web reference client against a local instance of the service.