Scrive DZ-Jay <[EMAIL PROTECTED]>: > (Sorry for my last message, I click "Send" before I wrote anything on it!)
No problem :-) > Maurizio Lotauro wrote: > <!SNIP!> > > Are you sure? I quickly reread the rfc and it say that more that one > challange > > could be specified in the header, but a challenge is defined as > > > > challenge = auth-scheme 1*SP 1#auth-param > > Yes, I am sure. It says that the "auth-scheme" token must be at least > one valid authentication mechanism, What I mean was, if the rfc say that more thatn one challenge can be specified, and a challenge is defined as above, then I interpreted it as: WWW-Authenticate: digest realm="...", nonce="...", ... basic realm="..." > and specifies that they should be listed in the order of preference. Where is specified? > > In any case the realm is defined as quoted-string but in the above header > is > > written without quote. > > In my example, it was (realm="foo"). It refers to the value of the > realm, which must be a quoted-string, not the parameter name itself. I'm referring to the trace wrote from SZ in the first message. > > As side note, the THttpCli doesn't expect more than one challenge per > header. > > How often is used from servers to specify more that one challenge per > header? > > I don't think it is very often. I mean, for example, if you require > Digest, why would you allow Basic? And more often than not, clients > merely support Basic and nothing else, except in proprietary > environments, in which case, you then specify the *only* mechanism that > you will support. There are other authentication, not only Digest, NTLM and Basic. I personally I don't consider the Basic an authentication ;-) > But still, it is specified in the RFC, and even emphasized on a side > note as a caveat, so I believe it should be implemented, just to be > fully compliant. Eventually. :) Of course. I'm not sure but it is possible that it doesn't consider that an header can continue in a new line. So the conclusion is that the header parsing need a revision :-) Bye, Maurizio. ---------------------------------------------------- This mail has been sent using Alpikom webmail system http://www.alpikom.it -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
