No, I don't believe that Django's response class supports that slightly esoteric usage.
As explained by the stackoverflow answer here<http://stackoverflow.com/questions/4371328/are-duplicate-http-response-headers-acceptable>, repeated headers should be treated as being the same as a single header containing a comma separated list of values. That answer appears to indicate that it's valid for the WWW-Authenticate header to be used in this way, so 'Negotiate, Basic relam= ....'. Also see RFC 2616, Sec 14<http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47> "if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a comma-separated list of authentication parameters.", however I wouldn't be at all surprised if some client libraries don't correctly interpret that for you. Hope that helps... Tom On Monday, 20 January 2014 07:51:05 UTC, Alexey Gusev wrote: > > Im developing small intranet web service. I want authenticate users over > kerberos in MS AD or with basic auth. For that reason i need to set two > 'WWW-Authenticate' http headers in response 401. How can i do it with > Django ? > > Should be something like this: > > Client: GET www/index.html > Server: HTTP/1.1 401 Unauthorized > WWW-Authenticate: Negotiate > WWW-Authenticate: Basic realm="corp site" > > This code overwrite header: > > def auth(request): > response = None > auth = request.META.get('HTTP_AUTHORIZATION') > if not auth: > response = HttpResponse(status = 401) > response['WWW-Authenticate'] = 'Negotiate' > response['WWW-Authenticate'] = 'Basic realm=" trolls place basic > auth"' > > elif auth.startswith('Negotiate YII'): > ... > > return response > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/b6837442-469c-4c09-bb60-33ee324f0fbb%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
