Hi Oleg, Thanks. We are calling a vendor server, so we don't have Option 2. Option 1 - I will ask them to open a ticket with IIS.
I will try to implement Option 3, Custom Auth Scheme. I initially thought of extending Digest Scheme and just overriding the method where I can set qop quotes. But it is calling some private methods. So I guess I've to simply cut and paste the entire DigestScheme.java code into my custom scheme. Right? Thanks Vijay On 1/18/06, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote: > Vijay wrote: > > I'm using DIGEST authentication mechanism and I'm seeing the following > > issue. The Authorization header generated doesn't have double quotes > around > > auth (qop=auth). > > > > It does not have to. See RFC 2617 > > <quote> > 3.2.1 The WWW-Authenticate Response Header > ... > qop-value = "auth" | "auth-int" | token > ... > 3.2.2 The Authorization Request Header > ... > message-qop = "qop" "=" qop-value > </quote> > > > When I manually change it to qop="auth" and hard code the Authorization > > request header, it works fine. > > > > Please let me know how I can fix it, any work around solutions? The Server > > is IIS. Please help! > > > > Wire Log > > > > << "WWW-Authenticate: Digest qop="auth", realm="test.com", > > > nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d"[\r][\n]" > > > > > >>>"Authorization: Digest username="username", realm="test.com", > > > > nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d", > > uri="/Ping.aspx", response="b59dbaee24548abd6c327e00c671c302", *qop=auth*, > > nc=00000001, cnonce="87057e185a75a8cd9e65c24bba3f8e10"[\r][\n]" > > > > > > These are your options: > (1) Report this bug to Microsoft IIS team and get them fix it > (2) Migrate to a compliant HTTP server such as Apache HTTPD > (3) Implement a custom AuthScheme > > Hope this helps > > Oleg > > > > > Thanks > > > > Vijay > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
