IIS rejects standard Authorization: Digest header
- From: "Maurits" <mvaneerde@xxxxxxxxx>
- Date: 20 Mar 2006 11:57:05 -0800
The IE team has announced that IE 7 will put warning messages on Basic
Authentication username/password prompts.
So, I'm trying to get Digest Authentication set up as an alternative to
Basic Authentication.
I'm finding that IIS is rejecting Authorization: Digest headers from
Firefox, but accepting them from IE.
The Firefox header looks like this:
Authorization: Digest ... qop=auth ...
The Internet Explorer header looks like this
Authorization: Digest .... qop="auth", algorithm="MD5" ...
According to RFC 2617, Authorization headers MUST NOT put quotes around
the qop and algorithm values. So the Firefox header is right, and the
IE header is wrong.
I've only tested IIS 5. Does IIS 6 or IIS 7 accept standard
Authorization headers? If not, are there plans to fix this?
As IE has a large install base of browsers that all generate the
non-standard headers, IIS should accept both versions for a while.
See https://bugzilla.mozilla.org/show_bug.cgi?id=330702 for repro,
header logs, etc.
.
- Follow-Ups:
- Re: IIS rejects standard Authorization: Digest header
- From: Maurits
- Re: IIS rejects standard Authorization: Digest header
- Prev by Date: IIS Manager Closes Unexpectedly
- Next by Date: Re: IIS rejects standard Authorization: Digest header
- Previous by thread: IIS Manager Closes Unexpectedly
- Next by thread: Re: IIS rejects standard Authorization: Digest header
- Index(es):
Relevant Pages
|
