Hello, Thank you both for your replies. I found the problem myself: IE6 has a bug that makes it expect a comma before Realm="...". Should be like:
HTTP/1.1 401 Authorization Required..WWW-Authenticate: Digest Basic, (HERE HERE!) realm=localhost/%3EFastream.com/, uri="localhost/%3EFastream.com/", qop="auth,auth-int", nonce="MjAwNi0wMS0yNCAxMzozMTo1Nw==", opaque="ETimpfFSr8qhbccexiZCu80UjTzQdMUmMm"..Content-Length: 482..Content-Type: text/html..Connection: Keep-Alive..Server: Fastream NETFile FTP/Web Server....<HTML>< Just FYI. I also fixed the Digest code and sent to Francois. Hope he can merge it well. Best Regards, SZ ----- Original Message ----- From: "DZ-Jay" <[EMAIL PROTECTED]> To: "ICS support mailing" <twsocket@elists.org> Sent: Tuesday, January 24, 2006 6:37 PM Subject: Re: [twsocket] Need help with RFC2617 and IE bug > Maurizio Lotauro wrote: >> Scrive Fastream Technologies <[EMAIL PROTECTED]>: >> >>> Hello, >>> >>> I am trying to fix digest authentication coded by Peter. We have a big >>> problem with Internet Explorer. In the setup below, you will see a web >>> page >>> requested without first sending the "Authorization:" header. Then the >>> server >> >> I think that it is normal because you need some information from the >> server >> before starting the authentication. > > It is in fact normal: The first request does not know that > authentication is required, so the server responds with 401 and the > credential requirements. The second request includes the credentials > and the server authenticates. But I don't think this was the problem > pointed out, was it? > >>> 24.01.2006 13:31:57 From Remote >>> >>> HTTP/1.1 401 Authorization Required..WWW-Authenticate: Digest Basic >>> realm=localhost/%3EFastream.com/, uri="localhost/%3EFastream.com/", >>> qop="auth,auth-int", nonce="MjAwNi0wMS0yNCAxMzozMTo1Nw==", >>> opaque="ETimpfFSr8qhbccexiZCu80UjTzQdMUmMm"..Content-Length: >> >> Why Basic is right after Digest? It shold be in a separate header line: >> >> WWW-Authenticate: Digest realm=... >> WWW-Authenticate: Basic realm=... > > As far as I know, you may list them in the same header in the order of > preference. Setting them in different headers will just squash them > into a flat list on the client-side. So these two are the same: > > WWW-Authenticate: Digest Basic realm="foo" > > and > > WWW-Authenticate Digest realm="foo" > WWW-Authenticate Basic realm="foo" > > The problem I see, as SZ pointed out, is that IE7 submitted the wrong > realm string, which is plainly wrong. Even though the server seemed to > have acquiesced to the request, because it returned +200 and content, > however he said that IE7 crashed after that. > > I don't have IE7, so I cannot reproduce the problem -- in fact IE6.0 > seems to work fine, but I haven't been able to test in more than "Basec" > authentication, as I do not have access to a server supporting Digest at > the moment. > > Of course, it could be an IE7 bug -- perhaps Digest Authentication > hasn't been fully implemented, or some idiot left the realm hard-coded > as "Test" while debugging... In any case, is there any indication as to > what caused the crash or at what precise moment it occured? > > SZ, is there a way you could set up a test server for some of us to test > with various clients? Also, could you send me a transcript of the HTTP > transaction with Firefor or Opera, just to see what is different? > > dZ. > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be