Re: 403/401 for access denied Re: Thoughts on relation to WebDAV

Werner Baumann wrote:
> 
> 
> Helge Hess wrote:
>> Summary: even if the user is authenticated, one would reissue a 401 if 
>> access is denied to a resource. Which makes me wonder in what (real 
>> world) situations one would use 403 then.
>>
> Access restrictions based on IP-address might cause a 403, for instance. 
> Basically:
> - 401 says: authenticate and the request will succeed

Nope. It means: "authenticate, and the request will not fail again with 
401. But potentially in a different way".

> - 403 says: denied, and authentication will not help.

Exactly.

> ...

BR, Julian

Received on Sunday, 25 May 2008 16:19:08 UTC