> (Sorry for my last message, I click "Send" before I wrote anything on it!)

No problem :-)

> Maurizio Lotauro wrote:
> <!SNIP!>
> > Are you sure? I quickly reread the rfc and it say that more that one
> challange 
> > could be specified in the header, but a challenge is defined as
> > 
> >   challenge = auth-scheme 1*SP 1#auth-param
> Yes, I am sure.  It says that the "auth-scheme" token must be at least 
> one valid authentication mechanism,

What I mean was, if the rfc say that more thatn one challenge can be 
specified, and a challenge is defined as above, then I interpreted it as:

WWW-Authenticate: digest realm="...", nonce="...", ... basic realm="..."

> and specifies that they should be listed in the order of preference.

Where is specified?

> > In any case the realm is defined as quoted-string but in the above header
> is 
> > written without quote.
> In my example, it was (realm="foo").  It refers to the value of the 
> realm, which must be a quoted-string, not the parameter name itself.

I'm referring to the trace wrote from SZ in the first message.

> > As side note, the THttpCli doesn't expect more than one challenge per
> header. 
> > How often is used from servers to specify more that one challenge per
> header?
> I don't think it is very often.  I mean, for example, if you require 
> Digest, why would you allow Basic?  And more often than not, clients 
> merely support Basic and nothing else, except in proprietary 
> environments, in which case, you then specify the *only* mechanism that 
> you will support.

There are other authentication, not only Digest, NTLM and Basic.
I personally I don't consider the Basic an authentication ;-)

> But still, it is specified in the RFC, and even emphasized on a side 
> note as a caveat, so I believe it should be implemented, just to be 
> fully compliant.  Eventually. :)

Of course. I'm not sure but it is possible that it doesn't consider that an 
header can continue in a new line.
So the conclusion is that the header parsing need a revision :-)

Bye, Maurizio.

This mail has been sent using Alpikom webmail system

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to