Re: [libmicrohttpd] Doubt about digest auth algorithm

From:

silvioprog

Subject:

Date:

Sun, 13 Mar 2016 19:01:01 -0300

Hello Christian,

So my logic is correct. I'll document my code using this informations.

Thank you very much! :-)

On Sun, Mar 13, 2016 at 10:36 AM, Christian Grothoff <address@hidden> wrote:

Dear Silvio,

Yes, the difference is that with basic_auth, MHD "returns" you the
password the user provided. This is not possible with digest auth. Here,
you must provide the password and call MHD_digest_auth_check().

So with digest auth, you first use MHD_digest_auth_get_username() to
find out the username, then lookup the pass in your DB and then call
MHD_digest_auth_check() with user/pass/realm/timeout to check the PW. If
you get back MHD_NO or MHD_INVALID_NONCE you should then call
MHD_queue_fail_auth_response() to ask the user to re-authenticate.
"signal_stale" should be set in this call if you got back MHD_INVALID_NONCE.

Happy hacking!

Christian

Silvio Clécio

[Prev in Thread]

Current Thread

[Next in Thread]