Stack Overflow
Stack Overflow

Questions tagged [www-authenticate]

64 questions
28
votes
4 answers

How to find if NTLM or Kerberos is used from WWW-Authenticate: Negotiate header

I am programming a client application in .Net that communicates with server via HTTP. I need to set different request buffering options in case of NTLM and Kerberos authorization. How to find out if NTLM or Kerberos is used? Is it possible to…
IT Hit WebDAV
  • 5,652
  • 12
  • 61
  • 98
24
votes
1 answer

Logging a user out when using HTTP Basic authentication

I want users to be able to log in via HTTP Basic authentication modes. The problem is that I also want them to be able to log out again - weirdly browsers just don't seem to support that. This is considered to be a social-hacking risk - user leaves…
Keith
  • 150,284
  • 78
  • 298
  • 434
23
votes
4 answers

How to send Authorization header with browser

I have implemented a web server which uses Basic authentication(using spring security). I disabled the default authentication entry point when accessing a URL (instead of responding 401 with www-authentication header, it just returns 401), the…
zeralight
  • 620
  • 1
  • 5
  • 19
16
votes
1 answer

Returning HTTP 401 status for AJAX responses without WWW-Authenticate

Is it OK to return an HTTP 401 status for a response to an AJAX call if you wish to convey that the user is not logged in, even though the login mechanism is form-based and not HTTP based (Basic, Digest, etc.)? The answer here suggests that 401…
user193130
  • 8,009
  • 4
  • 36
  • 64
7
votes
3 answers

Can I indicate to clients that SPNEGO is supported but NTLM is not for HTTP requests?

The two WWW-Authenticate additions Microsoft makes use of that I am currently aware of are NTLM Negotiate If Negotiate is sent down from the server, based on a set of conditions Kerberos will be used Intranet Zone Accessing the server using a…
Scott Markwell
  • 1,091
  • 2
  • 16
  • 33
7
votes
1 answer

urllib2.HTTPError: HTTP Error 401: Unauthorized

My requirement is to download an abc.zip file from some website http://clientdownload.xyz.com/Documents/abc.zip For this activity I have written a python script as follows: url_to_check = 'http://clientdownload.xyz.com/Documents/abc.zip' …
user3301805
  • 71
  • 1
  • 2
  • 4
6
votes
3 answers

C# HttpClient authorization header removed after send to server

I wanna send request to external API through the HttpClient from my own API in c#. I am using dot net 5 and basic authentication. Here is my code: var client = new HttpClient { BaseAddress = new Uri(baseUrl) }; HttpRequestMessage…
Aliasghar Ahmadpour
  • 436
  • 6
  • 24
6
votes
0 answers

Akka-Http WWW-Authenticate rendering without quotes

In my akka-http application I am returning a response from another security service that responds with a WWW-Authenticate header: When akka-http parses this header and then renders the WWW-Authenticatevalue to a string the quotes on one of the…
JoshG
  • 91
  • 3
5
votes
1 answer

C# HttpListener multiple authentication schemes and Chrome

Ok, this is a long question, but I think it worth this. What we have: A sample dummy C# console application, that start self-hosted owin ASP.Net WebAPI service (Microsoft.AspNet.WebApi.OwinSelfHost NuGet package): class Program { static void…
vasily.sib
  • 3,871
  • 2
  • 23
  • 26
5
votes
3 answers

How to return 401 authentication from flask API?

I have developed an API in flask which is using HttpBasicAuth to authenticate users. API is working absolutely fine in fiddler and returning 401 when we pass wrong credential but when I am using the same on login page I am getting extra pop up from…
Mukesh
  • 115
  • 1
  • 2
  • 9
5
votes
0 answers

How to get the full WWW-Authenticate header using the Dot-NET HttpClient?

Scenario I am working on a web program for Windows Phone 8 (not that I think it matters) and using Microsoft HTTP Client Libraries The problem When the user tries to GET the URL, I need to know what type of authentication is needed when the response…
Barnstokkr
  • 2,904
  • 1
  • 19
  • 34
4
votes
0 answers

Firefox not showing auth pop-up during www-authenticate negotiate

I have java app that authenticates users based on kerberos WWW-Authenticate Negotiate through browser. All Chromium-based ones behaves identically — sends NTLM ticket which is not supported in the app, gets 401 Unauthorized back, prompts for…
showgazer
  • 91
  • 1
  • 1
  • 5
3
votes
3 answers

WWW-Authenticate signout

I noticed that once Firefox pops up a modal in response to a WWW-Authenticate header in an HTTP response. Then, Firefox saves the username/password until Firefox is closed. The Web Developer plug-in makes it possible for developer-minded people to…
User1
  • 39,458
  • 69
  • 187
  • 265
2
votes
0 answers

POSTMAN Digest authentication not working

I am trying to access a REST API (Shopware to be specific), which is hosted externally. When I log in to the frontend in the browser, I first need to enter a set of credentials in the browser authentication pop up. And then the application opens and…
kiruthika
  • 41
  • 3
2
votes
0 answers

Is there way to drop WWW-Authenticate in Chrome when 401 is received through AJAX redirect?

I'm using AJAX to make call, withCredentials = true, to IdP service. It returns response message with form which redirects to another URL. Only in Google chrome, it prompts for credential in which I assume 401 is received, but I want it to fail,…
jkim
  • 152
  • 1
  • 3
  • 15
1
2 3 4 5