On 19/11/05, Oleg Kalnichevski <[EMAIL PROTECTED]> wrote: > Hello Karl, > > Here's the relevant differences between HTTP requests generated using > 3.0rc3 and 3.0rc4 [1]. The only significant variation I can spot is that > qop and nc attributes generated by rc4 are not enclosed in quotes. This > change has been introduced in 3.0rc4 per bug report 36372 [2], which was > perfectly valid in my opinion. See the original original discussion here
Bug report 36372 only refers to nc, surely, not qop? > [3]. What is actually really fishy here is that the digest challenge Note that qop is quoted. > sent by the server does not look like those usually generated by IIS > [4]. Even though the server identifies itself as IIS 6.0 it is likely to > be something else. So, overall this appears like a server side problem Are you sure it's not as per [4]? > to me. To test this assumption consider tweaking the source code here > [5], recompile HttpClient and see if that makes any difference > > Hope this helps > > Oleg > > [1] > 2c2 > < header >> "User-Agent: Jakarta Commons-HttpClient/3.0-rc3[\r][\n]" > --- > > header >> "User-Agent: Jakarta Commons-HttpClient/3.0-rc4[\r][\n]" > 23c23 > < header << "Date: Sat, 19 Nov 2005 10:13:17 GMT[\r][\n]" > --- > > header << "Date: Sat, 19 Nov 2005 10:13:41 GMT[\r][\n]" > 27c27 > < header << "WWW-Authenticate: Digest qop="auth", realm="MapPoint", > nonce="058ce1c31bf6f30f7915932311001c0969ae245318c3a877671ae55744a3"[\r][\n]" > --- > > header << "WWW-Authenticate: Digest qop="auth", realm="MapPoint", > nonce="4da02d5cf00457a7122593231100904c92c9d9832c796c2a81bf3b8638ec"[\r][\n]" > 30c30 > < header >> "User-Agent: Jakarta Commons-HttpClient/3.0-rc3[\r][\n]" > --- > > header >> "User-Agent: Jakarta Commons-HttpClient/3.0-rc4[\r][\n]" > 40c40 > < header >> "Authorization: Digest username="107768", realm="MapPoint", > nonce="058ce1c31bf6f30f7915932311001c0969ae245318c3a877671ae55744a3", > uri="/Find-30/FindService.asmx", > response="a900983ea4ed8aa867ff97968c474b17", qop="auth", nc="00000001", > cnonce="e67d91e647da701da45ae7f100a61341"[\r][\n]" > --- > > header >> "Authorization: Digest username="107768", realm="MapPoint", > nonce="4da02d5cf00457a7122593231100904c92c9d9832c796c2a81bf3b8638ec", > uri="/Find-30/FindService.asmx", > response="5e2070488ae46efa833147acfa0f09a8", qop=auth, nc=00000001, > cnonce="f91a562bc4cd724171b8f50545cbb8a4"[\r][\n]" > 50,51c50,52 > < header << "HTTP/1.1 200 OK[\r][\n]" > < header << "Date: Sat, 19 Nov 2005 10:13:18 GMT[\r][\n]" > --- > > header << "HTTP/1.1 401 Unauthorized[\r][\n]" > > header << "Connection: close[\r][\n]" > > header << "Date: Sat, 19 Nov 2005 10:13:42 GMT[\r][\n]" > 55,60c56,57 > > [2] http://issues.apache.org/bugzilla/show_bug.cgi?id=36372 > > [3] > http://www.mail-archive.com/[email protected]/msg01176.html > > [4] > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/717b450c-f4a0-4cc9-86f4-cc0633aae5f9.mspx This seems to say that qop = "auth" | "auth-int" | "auth-conf". Also, rfc2617 says that the qop response should be chosen from one of the alternatives present in the WWW-Authenticate header - in which qop is quoted. So perhaps the problem is that both qop and nc have been "dequoted" - whereas as far as I can see qop should remain a quoted string If qop quoting _can_ vary, then the quoting strategy could perhaps be taken from the WWW-Authenticate header? Might be worth trying just quoting qop and seeing if this solves the problem... HTH. S. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
