On Tue, Nov 25, 2008 at 9:33 AM, Menner May <hans.juergen.may_at_googlemail.com
> wrote:

> I'm successfully using curl and libcurl to upload and download files
> using http, https, ftp, ftps and sftp, sometimes via http and socks
> proxies. Fine tool.
>
> But this time I have problems to download a file from a https site
> with basic authentication. It's no problem with Firefox: typing in the
> URL, filling in username and password in the Firefox basic
> authentication window, and then downloading the file. But with curl,
> it's failing.
>
> With LiveHTTP Headers I could find the reason, probably. There are
> some cookies, but curl can cope with that. And there are multiple
> dynamic 302 redirects, forward to an Single Sign On application, and
> then back again. And the client is supposed NOT to send it's basic
> authentication credentials until one of those redirected pages ask for
> it.
>
> If the client sends it's basic authentication header immediatelly,
> without being asked by the server, this redirection does not occur.
> Instead, the server sends an 401 error page.
>
> Is there an option in curl, maybe in conjunction with --location, to
> send the basic authentication header only if requested by the server
> (WWW-Authenticate: BASIC realm=...) ?

Take a look at the "--anyauth" option. The man page says:

              Tells curl to figure out authentication method by itself,
              and use the most secure one the remote site claims it
supports.
              This is done by first doing a request and checking the
response-
              headers, thus possibly inducing an extra network
round-trip.

Ralph Mitchell

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2008-11-25