DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=34909>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34909 ------- Additional Comments From [EMAIL PROTECTED] 2005-05-13 21:18 ------- I think this problem has nothing to do with the user name. I was able to establish that HttpClient 3.0 produced a different auth string compared to that produced by HttpClient 2.0 in response to the same auth challenge: Credentials creds = new UsernamePasswordCredentials("domain\\username", "password"); DigestScheme authscheme = new DigestScheme("Digest qop=\"auth\",algorithm=MD5-sess,nonce=\"b2a83a38cd57c501af3ad2c91f189512060524424ffc2b818c9920db15cd247a9d47cf5a789d63c6\",opaque=\"1704373a505e74c4ec692978e5c1a539\",charset=utf-8,realm=\"Digest\""); System.out.println(authscheme.authenticate(creds, "GET", "/")); HttpClient 2.0 output: Digest username="domain\username", realm="Digest", nonce="b2a83a38cd57c501af3ad2c91f189512060524424ffc2b818c9920db15cd247a9d47cf5a789d63c6", uri="/", qop="auth", algorithm="MD5-sess", nc=00000001, cnonce="3e7cee60022e0f9c6d23cd9dea46a033", response="3c997fba9c2e77e1c37fadd352006a46", opaque="1704373a505e74c4ec692978e5c1a539" HttpClient 3.0 output: Digest username="domain\username", realm="Digest", nonce="b2a83a38cd57c501af3ad2c91f189512060524424ffc2b818c9920db15cd247a9d47cf5a789d63c6", uri="/", response="038567efed48e01d0f08d27526b6ebda", algorithm="MD5-sess", opaque="1704373a505e74c4ec692978e5c1a539" Obviously the responses are different and this may well be the cause of the problem. I remember the DigestScheme code was revised for better compliance with RFC 2617. Theoretically HttpClient 3.0 _should_ produce more compliant auth responses. So, I am not entirely sure whether this problem is HttpClient's fault or that of MS IIS. I do encourage you to experiment with HttpClient's code if you want a quick resolution to this issue, since you are the only person who can reliably reproduce the problem. In my turn I'll try to review HttpClient's handling of MD5-sess algorithm for compliance with RFC 2617. I make no promises as to how quickly I can do that, though. Oleg -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
