
Re: Cannot get DIGEST with URL Authentication to work



   Scott,
   thanks for your response. Using http_getAuth() and http_setAuth() is
   what I do in test procedure test_digest_auth_3(), which works nicely.
   So do I correctly assume that calling
   http_setAuth(HTTP_AUTH_MD5_DIGEST: ...) from setUrlAuth() is something
   from the older days that is not used today?
   Regards,
   Thomas.
   ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx wrote on 11.05.2012 23:10:15:
   > From: sk@xxxxxxxxxxxxxxxx
   > To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx,
   > Date: 11.05.2012 23:36
   > Subject: Re: Cannot get DIGEST with URL Authentication to work
   > Sent by: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
   >
   > Hi Thomas,
   >
   > DIGEST authentication must be established via http_getAuth and
   > http_setAuth. If you include a userid/password in a URL, it's assumed
   > to be BASIC authentication.
   >
   > The steps to use digest are:
   >
   > 1) call http_xxx to connect to the site.
   >
   > 2) get back a -1 with http_error set to HTTP_NDAUTH
   >
   > 3) call http_getauth to determine whether basic or digest was used,
   > and to get the realm name.
   >
   > 4) prompt user for the userid/password.  This screen should include
   > the realm name so the user knows what the userid/password is for.
   >
   > 5) Call http_setauth to set the values for userid/password.  (the
   > output of http_getauth can be used to identify whether to pass BASIC
   > or DIGEST to setauth)
   >
   > Hope that makes sense.
   >
   > On 5/9/2012 1:42 PM, Thomas Raddatz wrote:
   > > Hi folks,
   > >
   > > Is there somebody out there who uses DIGEST authentication combined
   > > with URL authentication?
   > >
   > > I have been trying to get it working for hours with no success.
   > >
   > > The standard way works nicely but when I add the user and password
   > > to the URL I cannot make it work.
   > >
   > > I assume that the problem is closely related to wkSaveAuth, which
   > > overrides dsAuth after do_oper() was called. My understanding is
   > > that the following things happen when executing test_digest_auth_1()
   > > of the attached RPGUnit test program:
   > >
   > > a) The program calls http_url_get_raw() with the following URL:
   > >
   > > [1]http://admin@' + Job_getTcpIpAddr() + ':8080/digest/
   > >
   > > b) setUrlAuth() guesses to use BASIC authentication and moves
   > > dsAuth to wkSaveAuth.
   > >
   > > c) interpret_auth() retrieves the server authentication from the
   > > response chain and populates dsAuth.
   > >
   > > d) After do_oper() wkSaveAuth is moved to dsAuth because wkSaveAuth
   > > does not equal *BLANKS because some values of dsAuth are set to
   > > *OFF in interpret_auth(). The content of wkSaveAuth is: '000'
   > >
   > > e) The program calls http_setAuth() to switch to DIGEST
   > > authentication.
   > >
   > > f) Because of e) dsAuth contains '200' when setUrlAuth() is called
   > > the second time. The former values set by interpret_auth() were lost
   > > because of d) and hence setUrlAuth() again set BASIC
   > > authentication.
   > >
   > > Procedure test_digest_auth_2() follows a different approach which
   > > does not work either.
   > >
   > > The only procedure that works for DIGEST authentication is
   > > test_digest_auth_3() which does not use URL authentication.
   > >
   > > Any thoughts?
   > >
   >
   > -----------------------------------------------------------------------
   > This is the FTPAPI mailing list.  To unsubscribe, please go to:
   > [2]http://www.scottklement.com/mailman/listinfo/ftpapi
   > -----------------------------------------------------------------------

   --
   IMPORTANT NOTICE:
   This email is confidential, may be legally privileged, and is for the
   intended recipient only. Access, disclosure, copying, distribution, or
   reliance on any of it by anyone else is prohibited and may be a
   criminal offence. Please delete if obtained in error and email
   confirmation to
   the sender.
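
Added example, not part of the messages above and not HTTPAPI code: a Python sketch of the protocol behind the quoted steps 1-5, showing that the Digest response is computed from the realm and nonce in the server's challenge, while Basic needs nothing from the server, which is why credentials embedded in a URL can only be sent as Basic. It generalizes beyond the thread to the wire format; all function names are hypothetical, and the sample challenge and credentials are the published RFC 2617 examples.

```python
import base64
import hashlib
import re

# Constructed sample: the challenge from the RFC 2617 section 3.5 example.
SAMPLE_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                    'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

def parse_challenge(header):
    """Return (scheme, params) for one WWW-Authenticate challenge."""
    scheme, _, rest = header.strip().partition(" ")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', rest)
    return scheme.lower(), {k.lower(): q or t for k, q, t in pairs}

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def offers_auth(params):
    """True when the server's qop list contains plain 'auth'."""
    return "auth" in [q.strip() for q in params.get("qop", "").split(",")]

def digest_response(user, password, method, uri, params, cnonce, nc="00000001"):
    """Digest 'response' value; realm and nonce come from the challenge."""
    ha1 = md5_hex(f"{user}:{params['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if offers_auth(params):
        return md5_hex(f"{ha1}:{params['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return md5_hex(f"{ha1}:{params['nonce']}:{ha2}")  # legacy form without qop

def authorization_header(challenge, user, password, method, uri, cnonce):
    """Build the Authorization value for the scheme the server asked for."""
    scheme, params = parse_challenge(challenge)
    if scheme == "basic":
        # Basic uses no server input; the password is only base64-encoded.
        pair = f"{user}:{password}".encode("utf-8")
        return "Basic " + base64.b64encode(pair).decode("ascii")
    if scheme == "digest":
        resp = digest_response(user, password, method, uri, params, cnonce)
        fields = {"username": user, "realm": params["realm"],
                  "nonce": params["nonce"], "uri": uri, "response": resp}
        if "opaque" in params:
            fields["opaque"] = params["opaque"]
        header = "Digest " + ", ".join(f'{k}="{v}"' for k, v in fields.items())
        if offers_auth(params):
            header += f', qop=auth, nc=00000001, cnonce="{cnonce}"'
        return header
    raise ValueError("unsupported scheme: " + scheme)
```
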

References

   1. http://admin@'/
   2. http://www.scottklement.com/mailman/listinfo/ftpapi