On Mon, 6 Nov 2006, Theodore H. Smith wrote:

> I'm using this tool named HTTP Analyzer. And... it is able to intercept the
> streams, but in the stream I see no mention of any Authorization: field. So
> how is the authorisation done if not done via the HTTP request?

If you use -u, curl with use such a header. If you use "any" auth, it will
first try without any such header.

> POST /coursebuilder/importCourse/getDepartments.asp?orgid=SUHS/Default
> HTTP/1.1
> Content-Type: multipart/form-data; boundary=--MULTI-PARTS-FORM-DATA-BOUNDARY
> Accept: */*
> Content-Length: 14028
> User-Agent: Mozilla/4.0 (compatible; )
> Host: gdst2.simslearning.co.uk
> Connection: Keep-Alive
> Cache-Control: no-cache
> Cookie: LW=LTVST=39027%2E6665162037;
> ASPSESSIONIDASARRAAQ=OHDJFOLBPAABDINEDCDBJDHF;
> ASPSESSIONIDCQDTQBDQ=LHIJPNKDKBGHNFDMEDNIPHFI

Uh? There's no auth in this request...

Well, you should have no problems to make a request with libcurl that looks
pretty much exactly like this.

> What parameters do I pass to curl to acheive these headers? The server I
> think is some hacked up "not a real server". Just a kludge to get us by. (I
> didn't write this server back end so don't shoot at me!). I'm not sure if it
> actually accepts "Expect: 100-continue"

CURLOPT_HTTPHEADER is your friend:

   http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTHTTPHEADER

An example showing how to disable the Expect: header:

   http://curl.haxx.se/lxr/source/docs/examples/postit2.c

> :( It might just be returning 403 errors even upon success. Well I can't see
> the password passed anyhow, so I have no idea where it is getting it from :(

403 is not a bad auth, 403 means forbidden. "The server understood the
request, but is refusing to fulfill it". You would get a 401 back if it was an
auth problem.

> The request:
>
> HTTP/1.1 403 Forbidden

[...]

No, that's a response...

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html