1

I'm getting confused about how to supply the challenge to the server for authentication. It is a RESTFul architecture. From my server, I am returning this:

function authenticate()
    {
        $realm = 'Logging';
        $users = array('admin' => 'mypass', 'guest' => 'guest');
      if (empty($_SERVER['PHP_AUTH_DIGEST']))
      {
            header('HTTP/1.1 401 Unauthorized');
            //header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
            echo json_encode(array("realm"=>$realm,"qop"=>"auth","nonce"=>uniqid(),"opaque"=>md5($realm)));         
            exit;      
      }

        // analyze the PHP_AUTH_DIGEST variable
      if (!($data = MyFunction::http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']]))
         die('Wrong Credentials!');

       // generate the valid response
      $A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
      $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
      $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

      if ($data['response'] != $valid_response) die('Wrong Credentials!');
        // ok, valid username & password
        echo 'You are logged in as: ' . $data['username'];
        exit;   
    }

Now on the client, how do I supply the challenge contain the username and the password to the server? Just tell me the procedure I need to perform with the values obtained from the server.

Paul Sweatte
  • 24,148
  • 7
  • 127
  • 265
Noor
  • 19,638
  • 38
  • 136
  • 254
  • what framework are you using on the server side? what is the client (a service, application, web browser, etc)? – Dmitry B. Dec 02 '11 at 04:26
  • On the server, I'm using recess, on the client I'm using GWT, in fact, I just the procedures needed to perform the authentication?? – Noor Dec 02 '11 at 05:27

0 Answers0