W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2003

Re: Basic Authentication

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Fri, 3 Oct 2003 08:49:12 -0600 (MDT)
To: Denero Watz <denero_watz@yahoo.com>
Cc: ietf-http-wg@w3.org
Message-ID: <Pine.BSF.4.53.0310030843070.7267@measurement-factory.com>


On Fri, 3 Oct 2003, Denero Watz wrote:

> but is passing two values for an Authorization header supported?

Yes and no. Please read RFC 2616. An Authorization header is defined
using a #list construct and, hence, may contain multiple
header-fields. However, as David Morris already pointed out,
Authorization value(s) are for origin server authorization only, not
for the proxy authorization. Furthermore, I do not know how many
origin servers are compliant enough to look at multiple Authorization
values.

Forward proxies will not interpret the contents of the Authorization
header field, regardless of the number of values it contains. Forward
proxies look at Proxy-Authorization only.

HTH,

Alex.

-- 
                            | HTTP performance - Web Polygraph benchmark
www.measurement-factory.com | HTTP compliance+ - Co-Advisor test suite
                            | all of the above - PolyBox appliance


> --- Alex Rousskov <rousskov@measurement-factory.com> wrote:
> >
> > On Thu, 2 Oct 2003, Denero Watz wrote:
> >
> > >    I am a newbie to HTTP and writing an http client application.
> > > I need to authenticate to a server which is protected by basic
> > > authentication. But to connect to the original server I need to
> > > connect to a proxy which is also protected by basic
> > > authentication.
> >
> > Try using Proxy-Authorization header for proxy authnetication and
> > Authorization header for the origin server authentication. Please
> > see RFC 2617 - HTTP Authentication: Basic and Digest Access
> > Authentication for details: http://www.faqs.org/rfcs/rfc2617.html
> >
> > Alex.
Received on Friday, 3 October 2003 10:49:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:25 GMT