cURL / Mailing Lists / curl-library / Single Mail


RE: Using Digest Authentication

From: Chris Brown <>
Date: Mon, 13 Aug 2007 21:45:51 +1200

Thanks for your response.

The http headers from verbose are as follows (I have excluded the content of
the request and response for simplicity):

POST /Test/Test.asmx HTTP/1.1
Accept: text/xml
Content-Type: text/xml
Content-Length: 840

HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.1
Date: Mon, 13 Aug 2007 09:36:03 GMT
X-Powered-By: ASP.NET
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/5.1
Date: Mon, 13 Aug 2007 09:36:03 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
WWW-Authenticate: Digest realm="devtest", nonce="OC8xMy8yMDA3IDIxOjM3OjAz",
opaque="0000000000000000", stale=false, algorithm=MD5, qop="auth"
WWW-Authenticate: Basic Realm="devtest"
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Content-Length: 410

It seems ok although there may well be something I've missed. Can I assume
then that libcurl should be returning the correct authorization
automatically? I wasn't sure if I was required to explicitly create a second
request after receiving the '401' response.


-----Original Message-----
[] On Behalf Of Daniel Stenberg
Sent: Monday, 13 August 2007 7:19 p.m.
To: libcurl development
Subject: Re: Using Digest Authentication

On Mon, 13 Aug 2007, Chris Brown wrote:

> I am successfully using libcurl with basic authentication but also
> need to implement digest. Using curl_easy_setopt I have set
> When I make a request to my server I get a '100 Continue' response
followed by a '401 Unauthorized'
> which includes the WWW-Authenticate header with the nonce etc. If my
> understanding is correct this should be what is happening for digest
> authentication but I am unclear how to proceed from this point.

Ehm, yes that's exactly how you do it!

> I imagined that libcurl would automatically respond with the
> appropriate authentication based on the nonce etc provided by the
> server but this doesn't appear to be happening. Am I missing
> something? Is there some further steps I need to take once I receive this
response from the server?

Does enabling VERBOSE provide any further details that might offer a clue to
why this happens?

  Commercial curl and libcurl Technical Support:
__________ NOD32 2454 (20070812) Information __________
This message was checked by NOD32 antivirus system.
Received on 2007-08-13