cURL / Mailing Lists / curl-library / Single Mail

curl-library

HTTP authentication negotiation

From: Raf Nulens <raf.nulens_at_androme.com>
Date: Wed, 04 Jun 2008 11:29:38 +0200

Dear all,

when we perform a PUT request on a server that either has basic or
digest authentication we get the following trace:

PUT /pres-rules/users/test04_at_androme.com/pres-rules HTTP/1.1
User-Agent: curl/7.18.0 (i586-pc-mingw32msvc) libcurl/7.18.0
OpenSSL/0.9.7e zlib/1.2.3
Host: [our_host]:8000
Accept: */*
Content-type: application/auth-policy+xml
Content-Length: 279
Expect: 100-continue

HTTP/1.1 100 Continue

[full body]

HTTP/1.1 401 Unauthorized
Date: Tue, 03 Jun 2008 12:48:03 GMT
Content-Length: 141
Content-Type: text/html
WWW-Authenticate: basic realm="androme.com"
Server: OpenXCAP/0.9.9
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You
are not authorized to access this resource.</p></body></html>

We have following options set:

curl_easy_setopt ( pCURL, CURLOPT_PRIVATE, (void *)pUpload );
curl_easy_setopt ( pCURL, CURLOPT_URL, remotePathName.c_str () );
curl_easy_setopt ( pCURL, CURLOPT_UPLOAD, 1 );
curl_easy_setopt ( pCURL, CURLOPT_READFUNCTION,
internal::curl_read_callback );
curl_easy_setopt ( pCURL, CURLOPT_READDATA, this );
curl_easy_setopt ( pCURL, CURLOPT_INFILESIZE, body_size );
curl_easy_setopt ( pCURL, CURLOPT_HTTPAUTH, CURLAUTH_BASIC &
CURLAUTH_DIGEST );
curl_easy_setopt ( pCURL, CURLOPT_USERPWD, login.c_str () );

pCURLList = curl_slist_append ( pCURLList, "Content-Type:
application/auth-policy+xml" );
curl_easy_setopt ( pCURL, CURLOPT_HTTPHEADER, pCURLList );

When we perform the following command through curl, the request is
repeated after the 401 unauthorized response.

curl.exe
http://[our_host]:8000/pres-rules/users/test04_at_androme.com/pres-rules -H
"Content-type: application/auth-policy+xml" --user [user:pass] --anyauth
-T upload.txt

Is there any option we can set so that libcurl resends the PUT request
(with authentication) after the 401 unauthorized response, or is this
logic implemented outside libcurl?

Second question: we know that the server where we send the PUT request
to needs authentication (either digest or basic), so we expect to get a
401 response after the first PUT. When we set CURLOPT_HTTPAUTH to
CURLAUTH_DIGEST, we see that the first PUT is sent with content-length:
0 and without "Expect: 100-continue". However when we set
CURLOPT_HTTPAUTH to CURLAUTH_BASIC | CURLAUTH_DIGEST, the first PUT is
sent with content-length: 279 and Expect: 100-continue (as seen in the
trace).

Shouldnt libcurl make a difference between CURLAUTH_BASIC |
CURLAUTH_DIGEST and CURLAUTH_NONE | CURLAUTH_BASIC | CURLAUTH_DIGEST?

regards,

Raf Nulens
Received on 2008-06-04

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: HTTP authentication negotiation"
Previous message: Xu Xiaogang-a19881: "RE: Unhandled exception whenusingcurl_easy_perform()inVisualStudio2005 on Windows XP."
Next in thread: Daniel Stenberg: "Re: HTTP authentication negotiation"
Reply: Daniel Stenberg: "Re: HTTP authentication negotiation"
Reply: Dan Fandrich: "Re: HTTP authentication negotiation"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]