RE: Interop issue: how can clients force authentication?

> -----Original Message-----
> From: Jason Crawford [mailto:nn683849@smallcue.com]
> Sent: Tuesday, September 17, 2002 9:34 PM
> To: Lisa Dusseault
> Cc: 'Ilya Kirnos'; 'Julian Reschke'; 'Webdav WG'
> Subject: RE: Interop issue: how can clients force authentication?
> 
> > There may be other methods which an unauthenticated user can receive
a
> > success response, but which would work even better if the user were
> > authenticated.
> 
> Shouldn't the server just ask for authentication for those methods?
> 

Not necessarily; if it's possible for the request to return a success
response if the user is unauthenticated, then the server must do so
right away or it may never be able to give a success response.

If a 401 error is returned the first time a client asks to do one of
these methods (like a PROPFIND to a partially-readable collection), how
does the server know the client will ever make the same request?  Maybe
the user doesn't know a username/password and so hits "cancel", and the
client doesn't retry.  And if the client software retries, again without
a username/password, by your logic the server would just respond 401
again.

Lisa

Received on Wednesday, 18 September 2002 02:22:01 UTC