SIPUserAgent.BlindTransfer fails when trying through a proxy server

[olebolesparabol]

Hi,

I'm currently trying to get our sip client to make a blind transfer using SipUserAgent.BlindTransfer. Making a normal Call works fine, as I can provide the username and password, but that is not possible through blind transfer.
I've been told, the Proxy-Authorization is missing in the REFER sip request and that I need to include the Proxy-Authorization header I get back in the INVITE sip request, but I don't see how I can access any such information, that I could use in blind transfer.
There is an optional field (string[] customHeaders) on BlindTransfer, but I don't know where I'm supposed to get the header from.
Any ideas on how to solve this?
I'm running against a Kamailio proxy with an Asterisk behind.

Code:
_userAgent = new SIPUserAgent(_sipTransport, null, true);
_registrationClient = new SIPRegistrationUserAgent(_sipTransport, deviceId, sipClientPassword, _asteriskSipDomain, 300);
_registrationClient.Start();
...
public async Task BlindTransfer(string transferId)
{
var targetUri = SIPURI.ParseSIPURI(_asteriskSipDomain);
targetUri.User = transferId;
var result = await _userAgent.BlindTransfer(targetUri, TimeSpan.FromSeconds(5), CancellationToken.None);
}

I've provided a sip trace as well:
407_fail_on_REFER.zip

[sipsorcery]

The authorization headers on in-dialog requests, suhc as transfers and byes, has always been a strange part of SIP. Sometimes they're requires sometimes not. When they are required it's usually just a copy of whatever was used in the INVITE request or response which a man-in-the-middle attacker can easily access.

Are you using the sipsorcery library from source or from the nuget package? It's easy for me to add a small code change to see if automatically including the authorization header in the REFER request fixes your problem.

Other than that you could use the ClientCallAnswered event to get access to the SIPClientUserAgent.ServerTransaction.TransactionRequest and get the headers to add as custom ones on the _userAgent.BlindTransfer call.

[olebolesparabol]

Thank you for the answer. I'm using nuget package v 6.0.3. If you make a pre-release with your suggested fix, I'm more than willing to try it out :)

[olebolesparabol]

I managed to get a use case to work:
204 calls 205, 204 blind transfers 205 to 206.
I'm reusing parts of the proxyAuthenticationHeader from the original invite.
Code:
var oldDigest = _proxyAuthenticationHeader.SIPDigest;
var digest = new SIPAuthorisationDigest(SIPAuthorisationHeadersEnum.ProxyAuthenticate, oldDigest.Realm, oldDigest.Username, oldDigest.Password, oldDigest.URI, oldDigest.Nonce, "REFER");
digest.Response = digest.GetDigest();
_proxyAuthenticationHeader.SIPDigest = digest;
var authorizationHeader = _proxyAuthenticationHeader.ToString();
var result = await _userAgent.BlindTransfer(targetUri, TimeSpan.FromSeconds(5), CancellationToken.None, new string[] { authorizationHeader });

Unfortunately, for my second use case, I have to find a different way to set the authentication header:
204 calls 205, 205 blind transfers 204 to 206
Any suggestions to where I can get a nonce to build my header for 205?

[sipsorcery]

I think this may be a simlar problem to the one #479 solves. If a REFER request gets a authenrication required response it will need to use the username/password set on the SIPUserAgent to authenticate.