Scrive DZ-Jay <[EMAIL PROTECTED]>:

> Maurizio Lotauro wrote:
> > Scrive Fastream Technologies <[EMAIL PROTECTED]>:

[...]

> >> 24.01.2006 13:31:57 From Remote
> >>
> >> HTTP/1.1 401 Authorization Required..WWW-Authenticate: Digest Basic 
> >> realm=localhost/%3EFastream.com/, uri="localhost/%3EFastream.com/", 
> >> qop="auth,auth-int", nonce="MjAwNi0wMS0yNCAxMzozMTo1Nw==", 
> >> opaque="ETimpfFSr8qhbccexiZCu80UjTzQdMUmMm"..Content-Length: 
> > 
> > Why Basic is right after Digest? It shold be in a separate header line:
> > 
> > WWW-Authenticate: Digest realm=...
> > WWW-Authenticate: Basic realm=...
> 
> As far as I know, you may list them in the same header in the order of 
> preference.  Setting them in different headers will just squash them 
> into a flat list on the client-side.  So these two are the same:
> 
> WWW-Authenticate: Digest Basic realm="foo"

Are you sure? I quickly reread the rfc and it say that more that one challange 
could be specified in the header, but a challenge is defined as

  challenge = auth-scheme 1*SP 1#auth-param

So the question is if the Basic must be specified after tha last parameter of 
Digest.
In any case the realm is defined as quoted-string but in the above header is 
written without quote.

As side note, the THttpCli doesn't expect more than one challenge per header. 
How often is used from servers to specify more that one challenge per header?


Bye, Maurizio.

----------------------------------------------------
This mail has been sent using Alpikom webmail system
http://www.alpikom.it

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to