Hi All,

I just finished an implementation of Digest Access Authentication
in the THttpCli.
Digest authentication requires at least one server challenge per 
protection space (realm). This is similar to basic authentication 
which may use a realm as challenge (currently not supported by basic
in both THttpCli and THttpServer).

Once a client is authenticated it MAY preemptively send the
corresponding Authorization header with requests for resources in
that protection space without receipt of another challenge from the
server. This is currently not implemented in the THttpCli so always
two requests are required with authentication which is horribly slow!

I doubt that the THttpCli itself should handle those 'preemptive
Authorization headers' instead it should provide some option which
makes it possible/easy to lookup, create send those 'preemptive 
Authorization headers' at the application level or maybe in derived
classes. Currently there is IMO no such option, the 401 and 407 error
codes are handled silently internally.

Any thoughts and suggestions?

Arno Garrels [TeamICS]

To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to