libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Doubt about digest auth algorithm


From: silvioprog
Subject: Re: [libmicrohttpd] Doubt about digest auth algorithm
Date: Sun, 13 Mar 2016 19:01:01 -0300

Hello Christian,

So my logic is correct. I'll document my code using this informations.

Thank you very much! :-)

On Sun, Mar 13, 2016 at 10:36 AM, Christian Grothoff <address@hidden> wrote:
Dear Silvio,

Yes, the difference is that with basic_auth, MHD "returns" you the
password the user provided. This is not possible with digest auth. Here,
you must provide the password and call MHD_digest_auth_check().

So with digest auth, you first use MHD_digest_auth_get_username() to
find out the username, then lookup the pass in your DB and then call
MHD_digest_auth_check() with user/pass/realm/timeout to check the PW. If
you get back MHD_NO or MHD_INVALID_NONCE you should then call
MHD_queue_fail_auth_response() to ask the user to re-authenticate.
"signal_stale" should be set in this call if you got back MHD_INVALID_NONCE.

Happy hacking!

Christian

--
Silvio Cl├ęcio

reply via email to

[Prev in Thread] Current Thread [Next in Thread]