On Mon, 28 Jul 2003, James Gallagher wrote:

> I have a possibly naive question about the HTTPAUTH feature of
> libcurl-7.10.6. I have an application that needs to use authentication.
> Basic authentication is OK, but I'd prefer Digest. When I call:
>
> curl_easy_setopt(d_curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC);
>
> Authentication works just fine. However, when I use:
>
> (long)(CURLAUTH_BASIC|CURLAUTH_DIGEST)
>
> or just CURLAUTH_DIGEST alone, authentication fails. I can see with VERBOSE
> and a DEBUGFUNCTION that with CURLAUTH_BASIC an Authorization header is send
> to the server (here's what it looks like: Authorization: Basic
> amltZzp3YXNfcXVpdA==, which seems odd since I thought with Basic
> authenticationthe username and password would be sent as plain text...) but
> with BASIC|DIGEST or DIGEST, there's no such header.

First, the Basic credentials are plain text base64 encoded. (As Scott already
mentioned.)

Digest authentication requires an initial request to get a "WWW-Authenticate:
Digest" header back that contains the nonce needed for doing subsequent
request which then should get a proper response back (if the name and password
are correct).

> Can anybody tell me how to get Digest authentication working or what I'm
> doing wrong? If so, I'd really appreciate it.

What headers do you get back in the first response?

(I just now wrote up a fresh test case that tests Basic or Digest, and it
seems to work fine...)

-- 
 Daniel Stenberg -- curl: been grokking URLs since 1998
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01