Hi I am working on a project that uses XWT (xwt.org) as a frontend to Zope.
XWT uses XMLRPC to communicate with a backend (in this case Zope). XWT expects an Error 401 is authentication is required on an XMLRPC call, so that it can negotiate the correct auth method The author of XWT sent the following email to me >Tim, I've got a piece of the answer -- your server needs to return an >HTTP 401 (Unauthorized) if no username/password is provided. This >response includes the challenge that XWT needs in order to build an >authentication request (realm, digest nonce challenge, etc). However what Zope is doing is sending back a <fault> in the XMLRPC <methodResponse> packet. So it appears to me that Zope doesn't send a http response 401 for XMLRPC (over http), but will send a 401 back to the browser. XMLRPC doesn't say anything about authentication, so I suppose either method is acceptable. However because XMLRPC is implemented on top of http, I would have thought a http approach (ie error 401) would be used. It appears that this behaviour is fundamental to Zope and is not an artifact of cookie auth in CMF etc.. Is this really correct behaviour ? Regards Tim Hoffman _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
