|
From: | silvioprog |
Subject: | Re: [libmicrohttpd] Doubt about digest auth algorithm |
Date: | Sun, 13 Mar 2016 19:01:01 -0300 |
Dear Silvio,
Yes, the difference is that with basic_auth, MHD "returns" you the
password the user provided. This is not possible with digest auth. Here,
you must provide the password and call MHD_digest_auth_check().
So with digest auth, you first use MHD_digest_auth_get_username() to
find out the username, then lookup the pass in your DB and then call
MHD_digest_auth_check() with user/pass/realm/timeout to check the PW. If
you get back MHD_NO or MHD_INVALID_NONCE you should then call
MHD_queue_fail_auth_response() to ask the user to re-authenticate.
"signal_stale" should be set in this call if you got back MHD_INVALID_NONCE.
Happy hacking!
Christian
[Prev in Thread] | Current Thread | [Next in Thread] |