Vijay wrote:
I'm using DIGEST authentication mechanism and I'm seeing the following
issue. The Authorization header generated doesn't have double quotes around
auth (qop=auth).
It does not have to. See RFC 2617
<quote>
3.2.1 The WWW-Authenticate Response Header
...
qop-value = "auth" | "auth-int" | token
...
3.2.2 The Authorization Request Header
...
message-qop = "qop" "=" qop-value
</quote>
When I manually change it to qop="auth" and hard code the Authorization
request header, it works fine.
Please let me know how I can fix it, any work around solutions? The Server
is IIS. Please help!
Wire Log
<< "WWW-Authenticate: Digest qop="auth", realm="test.com",
nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d"[\r][\n]"
"Authorization: Digest username="username", realm="test.com",
nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d",
uri="/Ping.aspx", response="b59dbaee24548abd6c327e00c671c302", *qop=auth*,
nc=00000001, cnonce="87057e185a75a8cd9e65c24bba3f8e10"[\r][\n]"
These are your options:
(1) Report this bug to Microsoft IIS team and get them fix it
(2) Migrate to a compliant HTTP server such as Apache HTTPD
(3) Implement a custom AuthScheme
Hope this helps
Oleg
Thanks
Vijay
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
