HTTP Authentication-Digest Authentication

Source: Internet
Author: User
Tags auth http authentication http digest authentication md5

Digest authentication is an alternative to Basic authentication, introduced with HTTP/1.1.

The server sends a nonce as a challenge; the client generates a response from the user name, password, nonce, HTTP method, request URI and similar information, and the server authenticates the client by checking that response.

※ The password is never delivered in clear text

Digest authentication steps:

1. Clients access a resource that is protected by HTTP Digest authentication.

2. The server returns 401 status and nonce information, requiring the client to authenticate.

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest
    realm="testrealm@host.com",
    qop="auth,auth-int",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    opaque="5ccc069c403ebaf9f0171e9517f40e41"

3. The client computes a digest (the default algorithm is MD5) from the user name, password, nonce value, HTTP method and requested URI, and returns it to the server.

Five pieces of information required for authentication:

• realm: taken from the server's response

• nonce: taken from the server's response

• username: the user name

• digest-uri: the URI of the request

• response: the string derived with the MD5 algorithm from the four items above plus the password.


Authorization: Digest
    username="Mufasa",  ← known to the client
    realm="testrealm@host.com",  ← from the server's challenge
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",  ← from the server's challenge
    uri="/dir/index.html",  ← known to the client
    qop=auth,  ← from the server's challenge
    nc=00000001,  ← calculated by the client
    cnonce="0a4f113b",  ← client nonce, calculated by the client
    response="6629fae49393a05397450978507c4ef1",  ← final digest, HA3
    opaque="5ccc069c403ebaf9f0171e9517f40e41"  ← from the server's challenge

4. If the authentication succeeds, the corresponding resource is returned. If the authentication fails, it still returns a 401 status and requires authentication again.


Special NOTES:

1. It avoids transmitting the password as clear text over the network, which relatively improves the security of HTTP authentication.

2. When a user first sets a password for a realm, the server saves a hash value (HA1) based on the user name, realm, and password, rather than the password itself.

3. If qop=auth-int, the request entity body is included in the calculation of HA2 in addition to the HTTP method and URI path, to prevent PUT and POST requests from being tampered with.

4. However, because the nonce itself can be used to perform digest authentication, the security of the data transferred after authentication cannot be ensured.


※nonce: A random string that returns a different nonce each time a 401 response is returned.

※nounce: Random string, each request gets a different nounce.

※MD5 (Message-Digest Algorithm 5)

① username:realm:password ⇒ HA1

② HTTP request method:URI ⇒ HA2

③ HA1:nonce:nc:cnonce:qop:HA2 ⇒ HA3

The above is excerpted from: http://blog.csdn.net/hotnet522/article/details/5824716
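The HA1/HA2/HA3 calculation and note 2 above (the server stores HA1, not the password), as an added Python example that is not part of the original article: a server-side check of the sample Authorization header. The function names are illustrative, the password is the RFC 2617 sample password (this page does not show it), and the nonce-count replay check goes slightly beyond the steps listed above.

```python
import hashlib
import hmac
import re

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header: str) -> dict:
    """Split 'Digest k="v", k=v' into a dict (quoted and bare values)."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', rest)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def expected_response(ha1: str, method: str, p: dict) -> str:
    """HA3 for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = md5_hex(f"{method}:{p['uri']}")
    return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")

def verify(header, method, ha1_store, issued, last_nc) -> bool:
    """Server-side check using the stored HA1, never the password itself."""
    try:
        p = parse_digest(header)
        ha1 = ha1_store[(p["username"], p["realm"])]
        nc = int(p["nc"], 16)
        want, got = expected_response(ha1, method, p), p["response"]
    except (KeyError, ValueError):
        return False  # malformed header or unknown user/realm
    if p["qop"] != "auth" or p["nonce"] not in issued:
        return False  # unsupported qop, or a nonce this server never issued
    if nc <= last_nc.get(p["nonce"], 0):
        return False  # nonce count did not increase: replayed request
    if not hmac.compare_digest(want.encode(), got.encode()):
        return False
    last_nc[p["nonce"]] = nc
    return True

# Constructed sample: header values from the text above. The password is the
# RFC 2617 sample password, which this page does not show (assumption).
HA1_STORE = {("Mufasa", "testrealm@host.com"):
             md5_hex("Mufasa:testrealm@host.com:Circle Of Life")}
SAMPLE = ('Digest username="Mufasa", realm="testrealm@host.com", '
          'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
          'qop=auth, nc=00000001, cnonce="0a4f113b", '
          'response="6629fae49393a05397450978507c4ef1"')

if __name__ == "__main__":
    issued, last_nc = {"dcd98b7102dd2f0e8b11d0f600bfb0c093"}, {}
    print([verify(SAMPLE, "GET", HA1_STORE, issued, last_nc) for _ in range(2)])
```

The first call accepts the header; the second call presents the same nc for the same nonce and is rejected.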


Here's the code:

- (void)InitInternetImageData:(NSString *)urlStr name:(NSString *)username password:(NSString *)password {
    NSLog(@"urlstr====%@", urlStr);
    NSURL *url1 = [NSURL URLWithString:[urlStr stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];
    // Custom request
    NSMutableURLRequest *request1 = [NSMutableURLRequest requestWithURL:url1];
    // Request timeout
    request1.timeoutInterval = 5;
    // GET request
    request1.HTTPMethod = @"GET";
    NSURLSession *session1 = [NSURLSession sharedSession];
    [[session1 dataTaskWithRequest:request1 completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        NSHTTPURLResponse *hresponse1 = (NSHTTPURLResponse *)response;
        NSLog(@"response=======%@", hresponse1);
        // 401 means the server sent a Digest challenge: answer it with a second request
        if (hresponse1.statusCode == 401) {
            NSArray *urlArr = [urlStr componentsSeparatedByString:@"/"];
            NSMutableString *urlStr2 = [[NSMutableString alloc] init];
            if ([urlArr isKindOfClass:[NSArray class]]) {
                // Components 0-2 are the scheme, an empty string and the host; the rest is the request path
                for (int i = 3; i < urlArr.count; i++) {
                    [urlStr2 appendFormat:@"/%@", urlArr[i]];
                }
            }

            // Build the Authorization header value from the challenge
            NSString *autho = [self handle401code:hresponse1 url2:urlStr2 user:username pass:password];
            NSMutableURLRequest *request2 = [[NSMutableURLRequest alloc] initWithURL:url1];
            request2.timeoutInterval = 5;
            [request2 addValue:autho forHTTPHeaderField:@"Authorization"];
            [request2 setHTTPMethod:@"GET"];
            NSURLSession *session2 = [NSURLSession sharedSession];
            [[session2 dataTaskWithRequest:request2 completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
                NSHTTPURLResponse *hresponse2 = (NSHTTPURLResponse *)response;
                if (data.length > 100) {
                    NSString *urlResult = hresponse2.URL.absoluteString;
                    NSLog(@"urlresult=======%@", urlResult);
                    [self chaxun:urlResult data:data];
                }
            }] resume];
        }
    }] resume];
}



- (NSString *)handle401code:(NSHTTPURLResponse *)response url2:(NSString *)url2 user:(NSString *)username pass:(NSString *)password
{
    // The challenge parameters are read from the WWW-Authenticate header of the 401 response
    NSString *wwwAuthenticate = [[response allHeaderFields] objectForKey:@"Www-Authenticate"];
    NSString *realm = nil;
    NSString *qop = nil;
    NSString *nonce = nil;
