cURL / Mailing Lists / curl-library / Single Mail


Re: Authentication

From: Daniel Stenberg <>
Date: Fri, 6 Feb 2004 09:45:32 +0100 (CET)

On Thu, 5 Feb 2004, Xiuping Hu wrote:

> If I set authentication method as any as:
> curl_easy_setopt(d_curl, CURLOPT_HTTPAUTH,
> How curl decide which auth method I am using?

It first performs the request without any authorization header, and then when
it gets back a (401 or 407) response, it figures out which methods the
server/proxy supports, picks the one it considers best and sends off the
request again with the proper authorization header.

(Note that when using PUT or POST, the current libcurl is not behaving
correctly if more than one type is set with CURLOPT_HTTPAUTH.)

> Inside a proxy code, do we care about sending the base64 encoded message?
> Or it is done by curl?

I don't understand what "base64 encoded message" you're talking about. Can you

> Could you please send me a simple C code that make both Basic and NTLM work?

I don't have anything prepared.

> curl_easy_setopt(d_curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_ANY);
> curl_easy_setopt(d_curl, CURLOPT_USERPWD, "user:pass");
> curl_easy_setopt(d_curl, CURLOPT_PROXYUSERPWD, "user:pass");
> ....
> CURLcode res = curl_easy_perform(m_curl);
> Is this all I need?

Yes it is.

> Do I need to decide if it Basic, do base64encode, if it is NTLM, construct
> the type2 and type3 Message for each 401 respond?

Oh no. libcurl hides all the details on how the authentication is actually
made. No need for you to worry about that!

    Daniel Stenberg -- --
   [[ Do not send mails to this email address. They won't reach me. ]]
Received on 2004-02-06