W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2006

Re: Recognizing a WebDAV enabled client

From: Joe Feise <jfeise@ics.uci.edu>
Date: Fri, 30 Jun 2006 07:30:04 -0700
Message-ID: <44A5356C.1060009@ics.uci.edu>
To: Michael Wechner <michael.wechner@wyona.com>
CC: Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org

Michael Wechner wrote on 06/30/06 06:55:

> 
> right, this might makes sense for formats. But I would argue with 
> another usecase, namely Custom Authentication
> instead of HTTP authentication (BASIC or DIGEST).
> 
> Let's assume a resource is protected and a server would like to offer 
> custom authentication, e.g. it would send
> a HTML to a regular browser and some WebDAV specific XML to a WebDAV 
> enabled client, whereas I haven't digged into
> WebDAV far enough how something like this could be handled by the WebDAV 
> spec.


Authentication is independent of the response body.
It is all done in the HTTP headers.
Nothing prevents a client to send an Authorization header without receiving a
401 response beforehand (RFC 2616, section 14.8.)
And servers are free to send multiple WWW-Authenticate headers, for each one of
the authentication schemes they support (for example, IIS can indicate support
for the custom NTLM authentication.)
So, I still fail to see what the problem is.

-Joe
Received on Friday, 30 June 2006 14:30:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:14 GMT