Hi All, I just finished an implementation of Digest Access Authentication in the THttpCli. Digest authentication requires at least one server challenge per protection space (realm). This is similar to basic authentication which may use a realm as challenge (currently not supported by basic in both THttpCli and THttpServer).
Once a client is authenticated it MAY preemptively send the corresponding Authorization header with requests for resources in that protection space without receipt of another challenge from the server. This is currently not implemented in the THttpCli so always two requests are required with authentication which is horribly slow! I doubt that the THttpCli itself should handle those 'preemptive Authorization headers' instead it should provide some option which makes it possible/easy to lookup, create send those 'preemptive Authorization headers' at the application level or maybe in derived classes. Currently there is IMO no such option, the 401 and 407 error codes are handled silently internally. Any thoughts and suggestions? -- Arno Garrels [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
