Hi Mark,
On Sat, 1 Jun 2002 21:23:10 -0400, in soap you wrote:
>Hi Simon,
>
>On Sat, Jun 01, 2002 at 03:45:12PM -0700, Simon Fell wrote:
>>
>> Hi,
>>
>> I'm trying to work out how authentication and persistent connections
>> interact. I initially thought that the authentication header will only
>> apply to the scope of that particular HTTP exchange, however I'm
>> seeing with IIS that subsequent requests on the same connection
>> continue to be treated as authenticated even if the following request
>> doesn't specify an authentication header.
>>
>> Can anyone clarify what the expected behavior should be ?
>
>If that's what's happening, IIS is broken. The connection style
>doesn't impact the statelessness of the interaction.
>
>Are you sure that's what you're observing?
>
>MB
I Just double checked everything and this I'm definitely seeing this.
I have IIS running on W2K Server with SP2, and have a page configured
for authenticated access only. I have a test HTTP/1.1 client that is
POSTing to this page. If i do 2 consecutive POSTs the first with an
Authorization header and the second without one, the second POST
succeeds, rather than getting the expected 401. If i swap the two
POSTs around, so that the first one doesn't have the Authorization
header, then i do get the expected 401. I've attached a capture of the
HTTP traffic [from Ethereal]
Cheers
Simon
POST /ilab/soap2.asp HTTP/1.1
Content-Type: text/xml; charset=UTF-8
User-Agent: PocketSOAP/1.3.2
Accept-Charset: UTF-8, UTF-16
Host: enigma.simonathome.com
Content-Length: 382
SOAPAction:
Authorization: Basic c2ltb246ZnNvbA==
<S:Envelope
S:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:S="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:a="http://soapinterop.org/";
xmlns:XS="http://www.w3.org/2001/XMLSchema";
xmlns:XI="http://www.w3.org/2001/XMLSchema-instance";>
<S:Body><a:echoString><inputString XI:type="XS:string">xxxxx</inputString>
</a:echoString>
</S:Body></S:Envelope>HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Sun, 02 Jun 2002 01:41:03 GMT
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 02 Jun 2002 01:41:03 GMT
Content-Length: 512
Content-Type: text/xml; charset=UTF-8
Expires: Sun, 02 Jun 2002 01:41:03 GMT
Cache-control: private
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";><SOAP-ENV:Body><m:echoStringResponse
xmlns:m="http://soapinterop.org/";><outputString
xsi:type="xsd:string">xxxxx</outputString></m:echoStringResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>POST
/ilab/soap2.asp HTTP/1.1
Content-Type: text/xml; charset=UTF-8
User-Agent: PocketSOAP/1.3.2
Accept-Charset: UTF-8, UTF-16
Host: enigma.simonathome.com
Content-Length: 382
SOAPAction:
<S:Envelope
S:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:S="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:a="http://soapinterop.org/";
xmlns:XS="http://www.w3.org/2001/XMLSchema";
xmlns:XI="http://www.w3.org/2001/XMLSchema-instance";>
<S:Body><a:echoString><inputString XI:type="XS:string">xxxxx</inputString>
</a:echoString>
</S:Body></S:Envelope>HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.0
Date: Sun, 02 Jun 2002 01:41:03 GMT
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 02 Jun 2002 01:41:03 GMT
Content-Length: 512
Content-Type: text/xml; charset=UTF-8
Expires: Sun, 02 Jun 2002 01:41:03 GMT
Cache-control: private
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";><SOAP-ENV:Body><m:echoStringResponse
xmlns:m="http://soapinterop.org/";><outputString
xsi:type="xsd:string">xxxxx</outputString></m:echoStringResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
