[issue2202] urllib2 fails against IIS 6.0 (No support for MD5-sess auth)
Manuel Muradás
report at bugs.python.org
Thu Jan 21 22:53:56 CET 2010
Manuel Muradás <mmuradas at dieresys.com.ar> added the comment:
Here is a patch for supporting MD5-sess, following RFC2617 specification.
Some comments/warnings:
* I've only tested the patch against IIS 6.0. I don't know about other servers supporting MD5-sess.
* IIS 6.0 expects the User Agent to send the URI (in the Authorization header) without the query string.
* This patch doesn't add support for Digest sessions. For each request we make, we get a new [401|407] message with a new nonce (depending if we're talking about a proxy with digest authentication or a web server). Then we generate another authenticated request using that nonce. For Digest sessions to be fully supported, we should be adding an [WWW|Proxy]-Authenticate header in each following request we made to the server using the last nonce. This includes both MD5-sess and MD5 digest implementations.
* A1 is being recalculated for every request. Given the above, this is not a real problem.
I'll open a new ticket regarding Digest sessions.
----------
keywords: +patch
nosy: +dieresys
Added file: http://bugs.python.org/file15964/urllib2-support_md5-sess.diff
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue2202>
_______________________________________
More information about the Python-bugs-list
mailing list