Maurizio Lotauro wrote:
> Scrive DZ-Jay <[EMAIL PROTECTED]>:
>> Maurizio Lotauro wrote:
>>> Scrive Fastream Technologies <[EMAIL PROTECTED]>:
> [...]
>>>> 24.01.2006 13:31:57 From Remote
>>>> HTTP/1.1 401 Authorization Required..WWW-Authenticate: Digest Basic 
>>>> realm=localhost/, uri="localhost/", 
>>>> qop="auth,auth-int", nonce="MjAwNi0wMS0yNCAxMzozMTo1Nw==", 
>>>> opaque="ETimpfFSr8qhbccexiZCu80UjTzQdMUmMm"..Content-Length: 
>>> Why Basic is right after Digest? It shold be in a separate header line:
>>> WWW-Authenticate: Digest realm=...
>>> WWW-Authenticate: Basic realm=...
>> As far as I know, you may list them in the same header in the order of 
>> preference.  Setting them in different headers will just squash them 
>> into a flat list on the client-side.  So these two are the same:
>> WWW-Authenticate: Digest Basic realm="foo"
> Are you sure? I quickly reread the rfc and it say that more that one 
> challange 
> could be specified in the header, but a challenge is defined as
>   challenge = auth-scheme 1*SP 1#auth-param
> So the question is if the Basic must be specified after tha last parameter of 
> Digest.
> In any case the realm is defined as quoted-string but in the above header is 
> written without quote.
> As side note, the THttpCli doesn't expect more than one challenge per header. 
> How often is used from servers to specify more that one challenge per header?
> Bye, Maurizio.
> ----------------------------------------------------
> This mail has been sent using Alpikom webmail system

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to