Hello, ----- Original Message ----- From: "Maurizio Lotauro" <[EMAIL PROTECTED]> To: "ICS support mailing" <twsocket@elists.org> Sent: Tuesday, January 24, 2006 6:54 PM Subject: Re: [twsocket] Need help with RFC2617 and IE bug
> Scrive DZ-Jay <[EMAIL PROTECTED]>: > >> Maurizio Lotauro wrote: >> > Scrive Fastream Technologies <[EMAIL PROTECTED]>: > > [...] > >> >> 24.01.2006 13:31:57 From Remote >> >> >> >> HTTP/1.1 401 Authorization Required..WWW-Authenticate: Digest Basic >> >> realm=localhost/%3EFastream.com/, uri="localhost/%3EFastream.com/", >> >> qop="auth,auth-int", nonce="MjAwNi0wMS0yNCAxMzozMTo1Nw==", >> >> opaque="ETimpfFSr8qhbccexiZCu80UjTzQdMUmMm"..Content-Length: >> > >> > Why Basic is right after Digest? It shold be in a separate header line: >> > >> > WWW-Authenticate: Digest realm=... >> > WWW-Authenticate: Basic realm=... >> >> As far as I know, you may list them in the same header in the order of >> preference. Setting them in different headers will just squash them >> into a flat list on the client-side. So these two are the same: >> >> WWW-Authenticate: Digest Basic realm="foo" > > Are you sure? I quickly reread the rfc and it say that more that one > challange > could be specified in the header, but a challenge is defined as I copied the behavior from Apache. And it works. > > challenge = auth-scheme 1*SP 1#auth-param > > So the question is if the Basic must be specified after tha last parameter > of > Digest. > In any case the realm is defined as quoted-string but in the above header > is > written without quote. The order of the schemes define the preference of the client! This is determined with debugging!! > > As side note, the THttpCli doesn't expect more than one challenge per > header. > How often is used from servers to specify more that one challenge per > header? I have not looked into the HttpCli code but if it supports any scheme other than basic then it must support more than one challange per header. Regards, SZ > > > Bye, Maurizio. > > ---------------------------------------------------- > This mail has been sent using Alpikom webmail system > http://www.alpikom.it > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
