Re: Digest authentication using IIS6

Giganews Newsgroups
Subject: Re: Digest authentication using IIS6
Posted by:  nospam (aedwards\"@(nospam)
Date: Fri, 03 Oct 2008

After some extra investigation I noticed that the headers have a
slightly different comma separation.

The Apache headers have a space after each comma where the IIS headers
have no spaces.

So I changed line 209 of IdAuthenticationDigest.pas from :

LParams.Add(Fetch(S, ', '));
LParams.Add(Fetch(S, ','));

and the line from:

if not TextIsSame(FAlgorithm, 'MD5') then begin
if not TextStartsWith(FAlgorithm, 'MD5') then begin

This seems to work with IIS but obviously stops working with Apache.

I have never written Delphi before so I do not know what I am doing!
Any advise on how to check for a comma space delimited string as opposed
to a comma delimited string?


nospam wrote:
> Hello,
> I have been using Indy 10 within BDS2006(C++) for some time now.  I have
> been using Digest authentication successfully against an Apache server
> with no problems.
> However I have been unable to connect to Microsoft IIS.  I have
> successfully connected using .NET modules and with a browser.  When
> trying to connect using TIdHTTP I get an error of 'Unsupported hash
> algorithm. The implementation supports only MD5 encoding'.
> On investigation of the headers sent I have noticed that IIS sends
> 'algorithm=MD5-sess' and Apache sends 'algorithm=MD5'.  I have been
> searching the groups and I noticed a suggestion to change a line within
> IdAuthenticationDigest.pas from:
> if not TextIsSame(FAlgorithm, 'MD5') then begin
> to
> if not TextIsSame(FAlgorithm, 'MD5-sess') then begin
> I did this and recompiled Indy.  I am now left with an Indy install that
> works neither Apache nor IIS!  I should not I downloaded the latest
> version yesterday so I am up to date.
> Does anyone have any ideas on how to fix this?  I do not have Delphi
> installed so I cannot step into the code to see what is going on.
> Many Thanks
> Arron


In response to

Digest authentication using IIS6 posted by nospam on Thu, 02 Oct 2008