473,772 Members | 2,442 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Digest Authentication (RFC 2831)

I've been trying to implement support for this authentication scheme for a
little while now, and in the last couple days I've been completely stumped.

I know about the digest authentication code in urllib2, and while I'd like
to use it directly, it is too closely tied to HTTP for my needs.

I have taken hints from the code, but I am still stuck with something that
doesn't recognize correct challenge responses as correct.

I've reduced the problem to this code:

user = "exarkun"
passwd = "password"
realm = "intarweb.u s"
nonce = "abcdefg"
qop = "auth"
method = "REGISTER"
uri = "sip:ex*****@in tarweb.us"

nc = cnonce = ''

def H(s):
return md5.md5(s).dige st()

def KD(k, s):
return H(k + ":" + s)

def HEX(s):
return s.encode('hex')

def A1(user, realm, passwd, nonce, cnonce):
r = H(user + ":" + realm + ":" + passwd)
return r + ":" + nonce + ":" + cnonce

def A2(uri, method):
return method + ":" + uri

def RESP(a1, nonce, nc, cnonce, qop, a2):
r = nonce + ":" + nc + ":" + cnonce + ":" + qop + ":"
return HEX(KD(H(a1), r + HEX(H(a2))))

def g():
return RESP(
A1(user, realm, passwd, nonce, cnonce),
nonce, nc, cnonce, qop, A2(uri, method)
)

correct = '8cf8b637395da8 475d65aaf45e4cf ad5'

v = g()
print v == correct
print correct
print v

It is, essentially, a straight translation from the RFC, but I have been
unable to get it to produce the given correct value for the given inputs.
One sticking point seems to be that the client authenticating against me
omits both the nc and cnonce values. If there is a standard correct way of
computing the digest without those values, it does not seem to be covered by
the RFC. I have tried the obvious approaches of simply removing them,
supplying "" as their value, etc, but nothing works.

I am on the verge of breaking down the md5() calls so I can discover the
point of failure more accurately, but before I did that I was hoping I might
find someone who has implemented this before and could give me some hints.

Any help is appreciated,

Jp

--
No, `Eureka' is Greek for `This bath is too hot.'
-- Dr. Who

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE/dTkpedcO2BJA+4Y RAovWAJ0dp2oVgS TC/A58gGuwvAL6ucRM LACfY50P
zIgJO4J1qBRWK+8 AWequ+kI=
=eOMN
-----END PGP SIGNATURE-----

Jul 18 '05 #1
0 1764

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
6552
Client side HTTP Digest Authentication using PHP
by: S?rgio Nunes | last post by:
Hi, I'm trying to retrieve the contents of a URL using file_get_contents($url). The problem is that the URL is protected via *HTTP Digest Authentication*. Is there any php library that can handle all the necessary headers during the request, or do I have to do it manually ? Thanks!
PHP
3
3190
using HTTP Digest auth with arbitrary HTTP methods?
by: John Reese | last post by:
Hello there. I've run into some missing functionality with HTTP Digest authentication in the 2.3 library and I was wondering if I'm just missing something. Missing functionality the first: urllib2 1a. You can add "handlers" to your opener indicating that you want to use HTTP Digest auth. This is nice way to handle it, but I don't see any way to use a custom verb in your URLOpener -- it always uses either GET or POST depending on...
Python
1
3291
Digest MD5 authentication over using ZSI
by: trapeze.jsg | last post by:
Hi. I am trying to get through to Microsoft MapPoint Services using ZSI for soap handling. I can generate the service classes and also the soap-requests generated by the service classes seem to be OK. The problem I am facing is that I can't seem to authenticate myself. I have made a small change to ZSI.client so that when I get a "401 Unauthorized" response from the remote server I build up a nice authorization request:
Python
7
2930
how password is stored and check the authentication??
by: jrefactors | last post by:
I want to ask how password is stored and how to check the authentication? I have heard password is never encrypted and decrypted, but it is hashed. For example, consider a simple email logon authentication in a hash table: Key: my email address Value: hash_function(my plan text password)
C / C++
0
2332
HttpWebRequest PreAuthenticate not working for Digest Authentication?
by: Wolfgang Meier | last post by:
I am using the following code to retrieve a document from my web server: HttpWebRequest req = (HttpWebRequest)WebRequest.Create("http://example.com/"); req.Method = "GET"; req.PreAuthenticate = true; req.Credentials = new NetworkCredential("user", "pass"); HttpWebResponse res = (HttpWebResponse)req.GetResponse(); res.Close();
.NET Framework
0
1311
Any way to maintain a digest-authenticated session in .NET?
by: paul | last post by:
I must (as a client application) connect via HTTP, authenticate using DIGEST authentication, and then make subsequent HTTP requests. The Problem: If I use System.Net.WebClient or System.Net.HttpWebRequest, my initial HTTP request is met with a: HTTP/1.1 401 Unauthorized xxx Set-Cookie: ARPT=ZYQ123; path=/
ASP.NET
2
3360
Python code to do the *server* side of digest authentication?
by: Dan Lenski | last post by:
Hi all, I've got a very simple HTML proxy server to access the web from my cell phone (based on this code: http://www.okisoft.co.jp/esc/python/proxy/). It's a very retarded phone that freezes if there's no Content-Length header and some other circumstances, so I have to tweak and modify the headers received slightly. But it works quite well with these hacks. Now I'd like to add proxy authentication so that I'm not running this open...
Python
2
2499
Digest Authentication to TCP/Http based small server
by: Reg | last post by:
Hello, Is it possible to code Digest based Authentication to small socket TCP/HTTP server? Has anyone experince how to do it? Cheers and Thanks,
C# / C Sharp
0
2350
Problem accessing/redirecting URL protected by digest authentication
by: embeddedbob | last post by:
Hi there, I appreciate any help on the following issue. I can't seem to find any other similar topic. (CS4, ActionScript 3.0, Flash 10) I have a SWF embedded within a page that is protected by digest authentication. To access this page, the browser asks for username/password. So far so good, the SWF works fine. Now, within that SWF, the script uses URLLoader to POST to another URL on the same server (but a different path than the page)....
Flash / Actionscript
0
9454
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10106
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
9914
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
7461
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6716
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5484
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4009
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3610
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2851
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us