Re: DIGEST qop=auth Missing Double Quotes

Wed, 18 Jan 2006 12:08:56 -0800 

Vijay wrote:

Hi Oleg,
Thanks. We are calling a vendor server, so we don't have Option 2. Option 1 - I will ask them to open a ticket with IIS. 

I will try to implement Option 3, Custom Auth Scheme.  I initially
thought of extending Digest Scheme and just overriding the method
where I can set qop quotes. But it is calling some private methods. So
I guess I've to simply cut and paste the entire DigestScheme.java code
into my custom scheme. Right?



Hi Vijay,
I am afraid so. Feel free, however, to open an enhancement request in Bugzilla to make DigestScheme easier to extend and customize. 

Oleg



Thanks
Vijay

On 1/18/06, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote:


Vijay wrote:


I'm using DIGEST authentication mechanism and I'm seeing the following
issue.  The Authorization header generated doesn't have double quotes


around


auth (qop=auth).



It does not have to. See RFC 2617

<quote>
3.2.1 The WWW-Authenticate Response Header
...
qop-value         = "auth" | "auth-int" | token
...
3.2.2 The Authorization Request Header
...
message-qop      = "qop" "=" qop-value
</quote>


When I manually change it to qop="auth" and hard code the Authorization
request header, it works fine.

Please let me know how I can fix it, any work around solutions? The Server
is IIS. Please help!

Wire Log

<< "WWW-Authenticate: Digest qop="auth", realm="test.com",



nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d"[\r][\n]"




"Authorization: Digest username="username", realm="test.com",


nonce="48f059e3db3b986e198122200000c62661a27b6dcc97e444277010e5434d",
uri="/Ping.aspx", response="b59dbaee24548abd6c327e00c671c302", *qop=auth*,
nc=00000001, cnonce="87057e185a75a8cd9e65c24bba3f8e10"[\r][\n]"




These are your options:
(1) Report this bug to Microsoft IIS team and get them fix it
(2) Migrate to a compliant HTTP server such as Apache HTTPD
(3) Implement a custom AuthScheme

Hope this helps

Oleg



Thanks

Vijay




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to