Hi Michael, > well, if there would be a standard than I don't think this should be a > problem. My suggestion would be that > the client sends a WWW-Authenticate header of its supported > authentication schemes to the server and > the server then checks if one of the client's suggested authentication > schemes is support by the server > and is able to respond appropriately resp. responding with an > exception in the sense, that none of the suggested > authentication schemes is supported. The use of WWW-Authenticate as a request header is unspecified. Usually, it works just the other way round: the client makes an unauthenticated request, then the server responds with status 401, sending an WWW-Authenticate header containing at least one auth challenge: http://www.greenbytes.de/tech/webdav/rfc2616.html#status.401 Of course, the client can try preemptive authentication in it's initial request. Regards, ManfredReceived on Monday, 3 July 2006 14:21:10 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 12 October 2007 17:53:26 GMT