Just as I replied to this message, I noticed that I had not tried the HEAD option which you suggested.

I tried it, and it does in fact work with DIGEST.

Thanks!

Regards,
Sebastiaan

Sebastiaan van Erk wrote:
Hi,

I'm still trying to get different types of authentication to work, this time I'm testing with Microsoft ISA Server 2006 (which seems pretty broken). I got basic to work with a ResponseInterceptor to pick off the auth from a successful small request preceding a large request, and then using preemptive from then on the large POSTS. However, I'm having trouble with DIGEST.

Oleg Kalnichevski wrote:

HttpClient 4.0 can be customized to support preemptive authentication using BASIC or DIGEST schemes. NTLM cannot be used preemptively in principle.

Just to clarify my understanding: DIGEST can only be used preemptively when the server accepts the reuse of a previously used nonce, right? That is, if the proxy server requires a new DIGEST challenge/response every request, then preemptive DIGEST auth will (by definition) fail?

Ok, I was afraid of that. Does that mean that I am forced to use expect/continue with non-repeatable requests?

I am afraid so. Another alternative would be to execute a GET or a HEAD
request to make sure credentials are OK before executing a POST with a
large entity. The good thing about NTLM authentication scheme is that
one has only to authenticate once. NTLM authentication is connection
based. A persistent HTTP connection will retain its NTLM context as long
as it remains open.

Ok, I'm testing with MS ISA 2006 as mentioned above. It seems to be very broken: when doing expect/continue it will *ALWAYS* respond 100 Continue when doing a POST, only to fail with a 407 the second you start sending data. This breaks non-repeatable POSTS with DIGEST authentication, and I can't use the preemptive DIGEST using authentication from a previous request, since ISA requires a new challenge/response on every request (even in the same connection).

The use of preemptive authentication is discouraged (or at least not promoted). However, one can easily add preemptive authentication capabilities using custom protocol interceptors. See samples above.

Ok, I'll give the interceptors a shot. The reason I want (need?) preemptive authentication is because some proxies do not support expect/continue and I have non-repeatable posts (multi-megabyte size).

An HTTP GET or HEAD preceding a POST with a large content entity is the
way to go.

This works with NTLM (connection based), but not with DIGEST (at least on ISA). Do you have any ideas how to go about it with DIGEST?

Regards,
Sebastiaan
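
Added example (not part of the original thread and not HttpClient code): a toy RFC 2617 model of the nonce-reuse question raised above, showing that a preemptive DIGEST header built from a cached nonce is accepted only when the proxy allows that nonce to be reused with an incremented nonce-count. The `ToyProxy` class, its `one_time_nonce` flag and the sample credentials are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample values (the example credentials from RFC 2617 section 3.5).
USER, REALM, PASSWORD, URI = "Mufasa", "testrealm@host.com", "Circle Of Life", "/dir/index.html"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth: bound to the nonce, nc and method."""
    ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class ToyProxy:
    """Hypothetical proxy model; one_time_nonce=True demands a fresh challenge per request."""
    def __init__(self, one_time_nonce):
        self.one_time_nonce = one_time_nonce
        self.last_nc = {}  # issued nonce -> highest nonce-count accepted so far

    def handle(self, method, uri, auth=None):
        if auth and auth["nonce"] in self.last_nc:
            good = digest_response(method, uri, auth["nonce"], auth["nc"], auth["cnonce"])
            fresh = int(auth["nc"], 16) > self.last_nc[auth["nonce"]]  # replay check
            if fresh and secrets.compare_digest(good, auth["response"]):
                if self.one_time_nonce:
                    del self.last_nc[auth["nonce"]]  # nonce is spent after one use
                else:
                    self.last_nc[auth["nonce"]] = int(auth["nc"], 16)
                return 200, None
        nonce = secrets.token_hex(16)  # the 407 carries a new challenge
        self.last_nc[nonce] = 0
        return 407, nonce

def authorization(method, uri, nonce, count):
    nc, cnonce = f"{count:08x}", secrets.token_hex(8)
    return {"nonce": nonce, "nc": nc, "cnonce": cnonce,
            "response": digest_response(method, uri, nonce, nc, cnonce)}

def probe_then_preemptive_post(proxy):
    """HEAD is challenged and answered; the POST then reuses the cached nonce with nc+1."""
    _, nonce = proxy.handle("HEAD", URI)
    head_status, _ = proxy.handle("HEAD", URI, authorization("HEAD", URI, nonce, 1))
    post_status, _ = proxy.handle("POST", URI, authorization("POST", URI, nonce, 2))
    return head_status, post_status

if __name__ == "__main__":
    print("nonce reuse accepted:", probe_then_preemptive_post(ToyProxy(False)))
    print("one-time nonces:     ", probe_then_preemptive_post(ToyProxy(True)))
```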
