cURL / Mailing Lists / curl-library / Single Mail


Re: Question about CURLOPT_HTTPAUTH

From: Daniel Stenberg <>
Date: Tue, 29 Jul 2003 00:23:47 +0200 (CEST)

On Mon, 28 Jul 2003, James Gallagher wrote:

> I have a possibly naive question about the HTTPAUTH feature of
> libcurl-7.10.6. I have an application that needs to use authentication.
> Basic authentication is OK, but I'd prefer Digest. When I call:
> curl_easy_setopt(d_curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC);
> Authentication works just fine. However, when I use:
> or just CURLAUTH_DIGEST alone, authentication fails. I can see with VERBOSE
> and a DEBUGFUNCTION that with CURLAUTH_BASIC an Authorization header is send
> to the server (here's what it looks like: Authorization: Basic
> amltZzp3YXNfcXVpdA==, which seems odd since I thought with Basic
> authenticationthe username and password would be sent as plain text...) but
> with BASIC|DIGEST or DIGEST, there's no such header.

First, the Basic credentials are plain text base64 encoded. (As Scott already

Digest authentication requires an initial request to get a "WWW-Authenticate:
Digest" header back that contains the nonce needed for doing subsequent
request which then should get a proper response back (if the name and password
are correct).

> Can anybody tell me how to get Digest authentication working or what I'm
> doing wrong? If so, I'd really appreciate it.

What headers do you get back in the first response?

(I just now wrote up a fresh test case that tests Basic or Digest, and it
seems to work fine...)

 Daniel Stenberg -- curl: been grokking URLs since 1998
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.;at.aspnet_072303_01/01
Received on 2003-07-29