hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: DIGEST qop=auth Missing Double Quotes
Date Wed, 18 Jan 2006 19:09:21 GMT
Vijay wrote:
> I'm using DIGEST authentication mechanism and I'm seeing the following
> issue.  The Authorization header generated doesn't have double quotes around
> auth (qop=auth).
> 

It does not have to. See RFC 2617

<quote>
3.2.1 The WWW-Authenticate Response Header
...
qop-value         = "auth" | "auth-int" | token
...
3.2.2 The Authorization Request Header
...
message-qop      = "qop" "=" qop-value
</quote>

> When I manually change it to qop="auth" and hard code the Authorization
> request header, it works fine.
> 
> Please let me know how I can fix it, any work around solutions? The Server
> is IIS. Please help!
> 
> Wire Log
> 
> << "WWW-Authenticate: Digest qop="auth", realm="test.com",
> nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d"[\r][\n]"
> 
> 
>>>"Authorization: Digest username="username", realm="test.com",
> 
> nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d",
> uri="/Ping.aspx", response="b59dbaee24548abd6c327e00c671c302", *qop=auth*,
> nc=00000001, cnonce="87057e185a75a8cd9e65c24bba3f8e10"[\r][\n]"
> 
> 

These are your options:
(1) Report this bug to Microsoft IIS team and get them fix it
(2) Migrate to a compliant HTTP server such as Apache HTTPD
(3) Implement a custom AuthScheme

Hope this helps

Oleg

> 
> Thanks
> 
> Vijay
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message