Re: 403/401 for access denied Re: Thoughts on relation to WebDAV

From: Julian Reschke <julian.reschke@gmx.de> Date: Sun, 25 May 2008 18:18:24 +0200 Message-ID: <48399150.6030701@gmx.de> To: Werner Baumann <werner.baumann@onlinehome.de> CC: w3c-dist-auth@w3.org · This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:16 GMT

Werner Baumann wrote:
> 
> 
> Helge Hess wrote:
>> Summary: even if the user is authenticated, one would reissue a 401 if 
>> access is denied to a resource. Which makes me wonder in what (real 
>> world) situations one would use 403 then.
>>
> Access restrictions based on IP-address might cause a 403, for instance. 
> Basically:
> - 401 says: authenticate and the request will succeed

Nope. It means: "authenticate, and the request will not fail again with 
401. But potentially in a different way".

> - 403 says: denied, and authentication will not help.

Exactly.

> ...

BR, Julian