- From: Manfred Baedke <manfred.baedke@greenbytes.de>
- Date: Mon, 03 Jul 2006 16:20:35 +0200
- To: Michael Wechner <michael.wechner@wyona.com>
- CC: Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org
Received on Monday, 3 July 2006 14:21:10 UTC
Hi Michael,

> well, if there would be a standard then I don't think this should be a
> problem. My suggestion would be that
> the client sends a WWW-Authenticate header of its supported
> authentication schemes to the server and
> the server then checks if one of the client's suggested authentication
> schemes is supported by the server
> and is able to respond appropriately resp. responding with an
> exception in the sense, that none of the suggested
> authentication schemes is supported.

The use of WWW-Authenticate as a request header is unspecified. Usually, it works just the other way round: the client makes an unauthenticated request, then the server responds with status 401, sending a WWW-Authenticate header containing at least one auth challenge:

http://www.greenbytes.de/tech/webdav/rfc2616.html#status.401

Of course, the client can try preemptive authentication in its initial request.

Regards,
Manfred
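
The 401 challenge flow described in the message above, sketched as an added example that is not part of the original post: the server side (`serve`), the client side (`fetch`), the credentials and the sample header value are all constructed for illustration. The parser handles challenges in auth-param form only, not the token68 form.

```python
import base64
import hmac
import re

TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
# Constructed sample: one WWW-Authenticate value carrying two challenges.
CHALLENGES = 'Digest realm="dav", qop="auth", nonce="abc123", Basic realm="dav"'

def parse_challenges(value):
    """Split a WWW-Authenticate value into [(scheme, {param: value}), ...]."""
    challenges = []
    for part in re.findall(r'(?:[^,"]|"(?:\\.|[^"\\])*")+', value):  # commas outside quotes
        part = part.strip()
        m = re.fullmatch(rf"({TOKEN})(?:\s+(.*))?", part, re.S)
        if m:  # "<scheme> <first param>" or a bare scheme opens a new challenge
            challenges.append((m.group(1).lower(), {}))
            part = m.group(2) or ""
        if part and challenges:
            name, _, val = part.partition("=")
            challenges[-1][1][name.strip().lower()] = val.strip().strip('"')
    return challenges

def choose_scheme(challenges, supported):
    """First client-preferred scheme that the server actually offered, else None."""
    offered = {scheme for scheme, _ in challenges}
    return next((s for s in supported if s in offered), None)

def basic_authorization(user, password):
    """Authorization header value for Basic; also what a preemptive client sends."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def serve(request_headers):
    """Hypothetical server: 401 with challenges unless valid credentials arrive."""
    expected = basic_authorization("alice", "s3cret")  # constructed account
    if hmac.compare_digest(request_headers.get("Authorization", ""), expected):
        return 200, {}
    return 401, {"WWW-Authenticate": CHALLENGES}

def fetch(supported=("basic",)):
    """Client: unauthenticated request first, then answer the server's challenge."""
    status, headers = serve({})
    if status != 401:
        return status, None
    scheme = choose_scheme(parse_challenges(headers["WWW-Authenticate"]), supported)
    if scheme != "basic":  # nothing in common, or a scheme this sketch does not implement
        return status, scheme
    status, _ = serve({"Authorization": basic_authorization("alice", "s3cret")})
    return status, scheme
```

Scheme negotiation here is driven entirely by the server's 401 response; the preemptive case is simply calling `serve` with the `Authorization` header on the first request.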