cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Using Digest Authentication

From: Chris Brown <christopherbrown_at_paradise.net.nz>
Date: Mon, 13 Aug 2007 21:45:51 +1200

Thanks for your response.

The http headers from verbose are as follows (I have excluded the content of
the request and response for simplicity):

POST /Test/Test.asmx HTTP/1.1
Host: xxx.xxx.xxx.xxx
Cookie:
Accept: text/xml
SOAPAction:"http://xxxxxxxxxxxxxxx"
Content-Type: text/xml
Content-Length: 840

HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.1
Date: Mon, 13 Aug 2007 09:36:03 GMT
X-Powered-By: ASP.NET
  
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/5.1
Date: Mon, 13 Aug 2007 09:36:03 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
WWW-Authenticate: Digest realm="devtest", nonce="OC8xMy8yMDA3IDIxOjM3OjAz",
opaque="0000000000000000", stale=false, algorithm=MD5, qop="auth"
WWW-Authenticate: Basic Realm="devtest"
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Content-Length: 410

It seems ok although there may well be something I've missed. Can I assume
then that libcurl should be returning the correct authorization
automatically? I wasn't sure if I was required to explicitly create a second
request after receiving the '401' response.

Thanks

-----Original Message-----
From: curl-library-bounces_at_cool.haxx.se
[mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: Monday, 13 August 2007 7:19 p.m.
To: libcurl development
Subject: Re: Using Digest Authentication

On Mon, 13 Aug 2007, Chris Brown wrote:

> I am successfully using libcurl with basic authentication but also
> need to implement digest. Using curl_easy_setopt I have set
> CURLOPT_HTTPAUTH with CURLAUTH_DIGEST and also set CURLOPT_USERPWD.
> When I make a request to my server I get a '100 Continue' response
followed by a '401 Unauthorized'
> which includes the WWW-Authenticate header with the nonce etc. If my
> understanding is correct this should be what is happening for digest
> authentication but I am unclear how to proceed from this point.

Ehm, yes that's exactly how you do it!

> I imagined that libcurl would automatically respond with the
> appropriate authentication based on the nonce etc provided by the
> server but this doesn't appear to be happening. Am I missing
> something? Is there some further steps I need to take once I receive this
response from the server?

Does enabling VERBOSE provide any further details that might offer a clue to
why this happens?

--
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
__________ NOD32 2454 (20070812) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
Received on 2007-08-13