cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: digest authentication with HTTP post.

From: Hardeep Singh <hardeep.bhatia_at_gmail.com>
Date: Sun, 3 Apr 2005 21:12:22 +0530

Hi Daniel,

I got the verbose output of the request sent with libcurl version
7.12.1 and 7.13.1. The output is attached below.
The major difference I noted are:
1. Latest version uses POST instead of HEAD.
2. Latest version sets the Content-Length = 0 in first request.
3. Authorization info is missing in second request.

One more thing I noted, which may not be the cause, is that on server
I am setting charset along with content-type. This info is missing
from the response in case of latest version.

Hope this helps.
If you need any specific info., please let me know.

Thanks,
Hardeep Singh
 

//////////////////////////////////////////
// Verbose info. libcurl 7.12.1
//////////////////////////////////////////

* About to connect() to hardeep port 80
* Trying 172.19.12.157... * connected
* Connected to hardeep (172.19.12.157) port 80
* Server auth using Digest with user 'username'
> HEAD /PingServletName HTTP/1.1
Host: hardeep
Pragma: no-cache
User-agent: standaloneApp
Accept-Encoding:UTF8

< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/5.0
< Date: Sun, 03 Apr 2005 14:52:26 GMT
< X-Powered-By: ASP.NET
< Connection: close
< WWW-Authenticate: Digest realm="HARDEEP",
nonce="9a4ac2d87fe4a4c8b05273e90d44d037
", qop="auth"
< Connection: Close
< Content-Type: text/xml
* Closing connection #0
* Issue another request to this URL: 'http://hardeep/PingServletName'
* About to connect() to hardeep port 80
* Trying 172.19.12.157... * connected
* Connected to hardeep (172.19.12.157) port 80
* Server auth using Digest with user 'username'
> POST /PingServletName HTTP/1.1
Authorization: Digest username="username", realm="HARDEEP",
nonce="9a4ac2d87fe4a4c8
b05273e90d44d037", uri="/PingServletName", cnonce="NjIwNjU3", nc=00000001,
 qop="auth", response="7604853b499c53fb32780717d3ad2eaf"
Host: hardeep
Pragma: no-cache
User-agent: standaloneApp
Accept-Encoding:UTF8
Content-Length: 162
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------52b36a43
0fbc

< HTTP/1.1 100 Continue
< Server: Microsoft-IIS/5.0
< Date: Sun, 03 Apr 2005 14:52:26 GMT
< X-Powered-By: ASP.NET
< HTTP/1.1 200 OK
< Server: Microsoft-IIS/5.0
< Date: Sun, 03 Apr 2005 14:52:30 GMT
< X-Powered-By: ASP.NET
< Connection: close
< Connection: Close
< Content-Type: text/html; charset=UTF-8
* Closing connection #0

/////////////////////////
// END verbose
////////////////////////

////////////////////////////////////////
// verbose info. libcurl 7.13.1
////////////////////////////////////////

* About to connect() to hardeep port 80
* Trying 172.19.12.157... * connected
* Connected to hardeep (172.19.12.157) port 80
* Server auth using Digest with user 'username'
> POST /PingServletName HTTP/1.1
Host: hardeep
Pragma: no-cache
User-agent: standaloneApp
Accept-Encoding:UTF8
Content-Length: 0

< HTTP/1.1 100 Continue
< Server: Microsoft-IIS/5.0
< Date: Sun, 03 Apr 2005 14:57:45 GMT
< X-Powered-By: ASP.NET
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/5.0
< Date: Sun, 03 Apr 2005 14:58:22 GMT
< X-Powered-By: ASP.NET
< Connection: close
< WWW-Authenticate: Digest realm="HARDEEP",
nonce="cb87395fa6367cdf8b4ab05b56e93728
", qop="auth"
< Connection: Close
< Content-Type: text/xml
* Closing connection #0
* Issue another request to this URL: 'http://hardeep/PingServletName'
* About to connect() to hardeep port 80
* Trying 172.19.12.157... * connected
* Connected to hardeep (172.19.12.157) port 80
> POST /PingServletName HTTP/1.1
Host: hardeep
Pragma: no-cache
User-agent: standaloneApp
Accept-Encoding:UTF8
Content-Length: 162
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------3f0e5dd5
e399

< HTTP/1.1 100 Continue
< Server: Microsoft-IIS/5.0
< Date: Sun, 03 Apr 2005 14:58:22 GMT
< X-Powered-By: ASP.NET
< HTTP/1.1 401 Unauthorized
< Server: Microsoft-IIS/5.0
< Date: Sun, 03 Apr 2005 14:58:28 GMT
< X-Powered-By: ASP.NET
< Connection: close
* Authentication problem. Ignoring this.
< WWW-Authenticate: Digest realm="HARDEEP",
nonce="97e25be98222e1f626a42fa39550a8e6
", qop="auth"
< Connection: Close
< Content-Type: text/xml
* Closing connection #0

/////////////////////////
// END verbose
////////////////////////

> Message: 4
> Date: Sat, 2 Apr 2005 23:03:13 +0200 (CEST)
> From: Daniel Stenberg <daniel-curl_at_haxx.se>
> Subject: Re: digest authentication with HTTP post.
> To: Hardeep Singh <hardeep.bhatia_at_gmail.com>, libcurl development
> <curl-library_at_cool.haxx.se>
> Message-ID: <Pine.LNX.4.61.0504022300060.14779_at_yvahk3.pbagnpgbe.fr>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> On Sat, 2 Apr 2005, Hardeep Singh wrote:
>
> > I am using the libcurl version 7.12.3.
>
> ...
>
> > The response is same if I use libcurl version 7.13.1 with the same code
> > base.
> >
> > But the same code works fine when I use libcurl 7.12.1. Is there any bug in
> > these two version of libcurl, that makes digest to fail when used in post
> > request.
>
> Not that I'm aware of.
>
> > Please let me, if any body has any solution for this, or if this bug is
> > known, when is the fix expected.
>
> If you give us A LOT more details, we might be able to provide a fix once we
> understand what's going on. Please show us outgoing and incoming headers in
> the requets that go wrong. (Alter sensitive info before you post).
>
> --
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
>
> ------------------------------
Received on 2005-04-03