I cannot get DIGEST to work and I think its because the response formulae in CreateAuthorizationString
that i use in my web client is not the same as the response formulae in HeaderAuthentication that is used by my server to confirm the response
my client sends something like this
Digest username="ServiceLoginName", realm="", qop="auth", algorithm="MD5", uri="/", nonce="", nc=00000001, cnonce="", opaque="", response="e711aca2bffef0ef1ae1cc9435237648"
when i provide the same password to GetPassword in my server it seems to calculate a different/incorrect response - so fails
I don't know what the correct structure is for the digest, so i assume the CreateAuthorizationString code is more correct as I assume it has been in production and tested against none Nettalk servers.
To correct this I tweaked my Netweb.Clw NetWebServerWorkerBase.HeaderAuthentication Procedure() so that it does the same as CreateAuthorizationString does
...
If password.Length()
TempString1 = username.GetValue() & ':' & item.GetValue() & ':' & Password.GetValue()
NetMD5(TempString1, len(clip(TempString1)), TempString1)
item.setvalue(str.GetLine(str.InLine('uri=', , , , , , st:begins)))
item.SetValue(item.Between('"','"'))
item.prepend('GET:') ! <=============== Fix: this is effectively the way CreateAuthorizationString does this part
! item.prepend('GET:/') ! <=============== Was THIS
TempString2 = item.getvalue()
NetMD5(TempString2, len(clip(TempString2)), TempString2)
...
Part of me feels this should be the otherway around as GET:// feels more right and the fix should be in CreateAuthorizationString
but i dunno, perhaps its just inconsistent assumptions about how to deal with some of these optional values (uri in particular)
so don't know if this will work when i expose my webservice to non clarion developers...
which is correct?
poul