Arno Garrels <arno.garr...@gmx.de> writes:

> Maurizio Lotauro wrote:
>  
> >> Digest authentication requires at least one server challenge per
> >> protection space (realm). This is similar to basic authentication
> >> which may use a realm as challenge (currently not supported by basic
> >> in both THttpCli and THttpServer).
> > 
> > The last sentence is not clear to me, can you explain?
> 
> This was not quite correct since the THttpServer actually allows
> specifying a realm with basic authentication as well.

The server must send a realm:

RFC 2617
1.2 Access Authentication Framework
...
The realm directive (case-insensitive) is required for all
authentication schemes that issue a challenge.

> However it is not easy in the THttpCli to obtain 
> this value unless you parse the AuthorizationRequest list.

In my version this is one of the pieces of information passed to the event
used for the authentication :-)

> Also, both do not require a persistent connection and both require
> just a _single server challenge, that's the similarity I meant.

We recently discussed that. It should always be so because it is
stateless. It is NTLM that doesn't respect the RFC.

[...]

> Something like that is required, also because current authentication 
> code in the THttpCli is a complicated nightmare, error-prone and
> contains plenty of duplicated code. 

I know it very well :-)
I already posted my proposed changes in the past, but probably it was not the
right moment because I got no feedback.


Bye, Maurizio.
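
The realm requirement quoted from RFC 2617 and the remark about having to parse the challenge to obtain it, shown as an added example (not code from this thread or from ICS): a small parser that extracts the realm from a `WWW-Authenticate` value and reports when a server omitted it. The function names are hypothetical, the sample headers are constructed, and it assumes each header value carries a single challenge.

```python
import re

# One auth-param: name "=" ( token | quoted-string ), RFC 2617 section 1.2.
_PARAM = re.compile(
    r'\s*([A-Za-z0-9_.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)'
)

def parse_challenge(value):
    """Split one WWW-Authenticate value into (scheme, params).

    Assumption: the value holds a single challenge. Directive names are
    lower-cased because RFC 2617 defines them as case-insensitive.
    """
    scheme, _, rest = value.strip().partition(" ")
    params = {}
    pos = 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            raise ValueError("malformed auth-param at offset %d" % pos)
        name, quoted, token = m.groups()
        if quoted is not None:
            # Undo quoted-pair escaping such as \" inside a quoted-string.
            val = re.sub(r"\\(.)", r"\1", quoted)
        else:
            val = token
        params[name.lower()] = val
        pos = m.end()
    return scheme, params

def realm_of(value):
    """Return (scheme, realm); realm is None when the challenge lacks one."""
    scheme, params = parse_challenge(value)
    return scheme, params.get("realm")

# Constructed sample header values, not taken from any real server.
SAMPLES = [
    'Basic realm="Staff \\"Area\\""',
    'Digest REALM="api@example.test", qop="auth", nonce="abc123", stale=FALSE',
    "Basic",  # no realm: violates the RFC 2617 requirement quoted above
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(realm_of(sample))
```

A client can use the returned realm, together with the server it came from, as the key for stored credentials so that a password is only sent to the protection space it was entered for.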
