Rob Owen wrote:
HttpMethodBase's processAuthenticationResponse uses a set of realms
to which attempts to authenticate have already been made. The
elements of the set are a concatenation of the requested path and the
value of the Authentication response header.
For digest authentication this response header contains a nonce
value, which is uniquely generated by the server each time a 401
response is made. This makes it impossible to recognize that
authentication against this realm has been attempted before and so
all 100 attempts are made before returning. The nonce should probably
not be used in the realmsUsed elements.
Wow! That's quite an ugly bug.
Rob, do you mind providing a test case for that?
Odi
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
