curl-library
Basic auth and 401 (Re: Fwd: curl-library Digest, Vol 110, Issue 19)
Date: Thu, 9 Oct 2014 16:21:43 +0200 (CEST)
On Wed, 8 Oct 2014, Chris Johnson wrote:
Please switch off the digest-mode of mail delivery if you want to participate
in discussions on the list.
> Do I correctly understand that a 401 / WWW-Authenticate should NOT be sent
> in response to my POST request, which includes the Basic Auth user+password
> header, and for which I've asked libcurl to use only Basic Auth via
> curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC)?
Correct. Since your request already includes the authentication header, the
server should've already authenticated your request based on that. By
responding with a 401 in spite of the authentication header it means that it
didn't think it was good enough == wrong user or password.
> Because that's what the server is sending me just prior to or just after the
> error message from libcurl: "Authentication problem. Ignoring this."
Yes, since libcurl knows it already sent the server the credentials getting a
401 back is an auth problem.
> I am able to connect to this server using the SoapUI tool, and can see that
> it sends the entire POST twice, the initial time and then again in response
> to the 401 / WWW-Authenticate response.
Then it probably didn't include the auth headers in the first request and only
sent it again since the first request was rejected (and a 401 was sent back).
You can make libcurl do that (in this case) unnecessary request as well if you
really want to (by ORing CURLAUTH_ONLY to CURLAUTH_BASIC).
But if you check SoapUI's request and compare its Basic auth header with the
one libcurl sends, do they look the same? If you base64 decode the one SoapUI
uses you can see exactly which user+password it sends...
-- / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-10-09