NTLM auth with www-authenticate

[Payne747]

Forgive me if I'm being really dumb, but say you have a proxy returning a
"401 Unauthorized" with two "www-authenticate" headers for NTLM and BASIC
realms, can Opera handle this? In my tests it returns authentication
method unsupported errors, even though the proxy (admitedly using
www-authenticate) gives it the option to drop down to BASIC auth?

Thanks,

John Payne

-- http://www.the-serpent.co.uk --

[Dirk Fieldhouse]

In article <op.ugjsz...@paynejlt.internal.cacheflow.com>,
payn...@nospam.com says...

>Forgive me if I'm being really dumb, but say you have a proxy returning a
>"401 Unauthorized" with two "www-authenticate" headers for NTLM and BASIC
>realms, can Opera handle this? In my tests it returns authentication
>method unsupported errors, even though the proxy (admitedly using
>www-authenticate) gives it the option to drop down to BASIC auth?

I can confirm that Opera 9.61/W98 will successfully handle the response

HTTP/1.1 401 Authorization Required
...
WWW-Authenticate: Basic realm="<prompt censored>"
...

by sending a valid Authorization header and Credentials with the next GET.

However it doesn't send any Authorization header or Credentials in response to

HTTP/1.1 401 Authorization Required
...
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="<prompt censored>"
...

Although a proxy is available, these transcripts are direct intranet
connections. It may (or not) be relevant that the first server is Apache and
the second IIS6.

hth
/df