Javascript digest manually authentication

I read all the posts about digest authentication and I'm trying, but I have a problem. I have a Restlet with digest authentication implemented, and I'm trying to authenticate with a JavaScript API.

First, I do the XMLHttpRequest POST to the server (from file:// to localhost:8111, so I have the CORS problem, but it is solved). The server responds with the 401 and with the WWW-Authenticate header, with this:

WWW-Authenticate:Digest realm="Guard", domain="/",        nonce="MTMzOTA5Mjk1NTE2NDo0NzY2NjJiOTgyMjE1ZDc0OWU3NzM5MTkzMWNjNGQzNw==", algorithm=MD5, qop="auth"

So I take this header and apply the digest authentication algorithm. First I create 2 vars, "cnonce" and "nc":

tokensObj["cnonce"] = 'bd5fd9b093dccaa1'; // invented
tokensObj["nc"] = '00000001';

I create the 'uri' parameter in my literal object (in the server response there is a "domain" :?): I take the value of 'domain' and put it in the 'uri' key of my object.

After that, I do the algorithm:

// HA1 = MD5(username:realm:password)
var HA1 = MD5("login:Guard:mypassword");
// HA2 = MD5(method:uri)
var HA2 = MD5("POST:/");
// response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
var authResponse = MD5(HA1 + ':' +
        unquotes(tokensObj["nonce"]) +
        ':' +
        tokensObj["nc"] +
        ':' +
        tokensObj["cnonce"] +
        ':' +
        unquotes(tokensObj["qop"]) +
        ':' +
        HA2);
// Value for the Authorization request header
var responseContentHeader = 'Digest username:"login"' + ', realm=' + tokensObj["realm"] +
        ', nonce=' + tokensObj["nonce"] +
        ', uri=' + tokensObj["domain"] +
        ', algorithm=' + tokensObj["algorithm"] +
        ', response="' + authResponse + '"' +
        ', qop=' + unquotes(tokensObj["qop"]) +
        ', nc=' + tokensObj["nc"] +
        ', cnonce="' + tokensObj["cnonce"] + '"';

and I call setRequestHeader("Authorization", responseContentHeader); so the final header that is sent to the server is:

Authorization:Digest username:"login", realm="Guard", nonce="7d0c753c2fb4cdc9480403547952f1", uri="/", algorithm=MD5, response="e9d8ad8f04e42672f2c21d70257c1072", qop=auth, nc=00000001, cnonce="bd5fd9b093dccaa1"

But it does not work: the server returns the 401 again. All the CORS headers are set OK, so that isn't the problem. The server's digest authentication is tested: I log in with Chrome, and the Authorization header that it sends is the same as mine (obviously the nonce is different).

Does anyone see anything that I may be doing wrong? Thanks


The error is:

Authorization:Digest username="login", realm="Guard", nonce="7d0c753c2fb4cdc9480403547952f1", uri="/", algorithm=MD5, response="e9d8ad8f04e42672f2c21d70257c1072", qop=auth, nc=00000001, cnonce="bd5fd9b093dccaa1"
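
An added example, not part of the original question or answer: one way to parse the challenge and emit every Authorization field from a single list, so the key=value syntax and the hashed values cannot drift apart (RFC 2617, qop=auth, MD5). The function names parseChallenge and buildAuthorization are hypothetical, and uri is assumed to be the path actually requested rather than the challenge's domain.

```javascript
// Added example, not from the original post. Runs under Node.js; in a browser,
// swap md5() for the MD5 helper the page already uses.
const crypto = require('crypto');
const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Parse `Digest k1="v1", k2=v2, ...` into an object; surrounding quotes are dropped.
function parseChallenge(header) {
  const params = {};
  const re = /([a-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/gi;
  const body = header.replace(/^\s*Digest\s+/i, '');
  let m;
  while ((m = re.exec(body)) !== null) {
    params[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  return params;
}

// Build the Authorization value for qop=auth with algorithm MD5 (RFC 2617).
// Assumption: `uri` is the request path actually sent, not the challenge's `domain`.
function buildAuthorization(challenge, { username, password, method, uri, cnonce, nc }) {
  const c = parseChallenge(challenge);
  if (c.algorithm && c.algorithm.toUpperCase() !== 'MD5') {
    throw new Error('unsupported algorithm: ' + c.algorithm);
  }
  if (!/(^|,)\s*auth\s*(,|$)/.test(c.qop || '')) {
    throw new Error('server did not offer qop=auth');
  }
  const ha1 = md5(`${username}:${c.realm}:${password}`);
  const ha2 = md5(`${method}:${uri}`);
  const response = md5([ha1, c.nonce, nc, cnonce, 'auth', ha2].join(':'));
  // Every field is written as key=value; quoted-string fields get their quotes here.
  const fields = [
    `username="${username}"`, `realm="${c.realm}"`, `nonce="${c.nonce}"`,
    `uri="${uri}"`, 'algorithm=MD5', `response="${response}"`,
    'qop=auth', `nc=${nc}`, `cnonce="${cnonce}"`,
  ];
  if (c.opaque !== undefined) fields.push(`opaque="${c.opaque}"`);
  return 'Digest ' + fields.join(', ');
}

// The challenge quoted in the question, with the question's placeholder credentials.
const challenge = 'Digest realm="Guard", domain="/", ' +
  'nonce="MTMzOTA5Mjk1NTE2NDo0NzY2NjJiOTgyMjE1ZDc0OWU3NzM5MTkzMWNjNGQzNw==", ' +
  'algorithm=MD5, qop="auth"';
console.log(buildAuthorization(challenge, {
  username: 'login', password: 'mypassword', method: 'POST', uri: '/',
  cnonce: 'bd5fd9b093dccaa1', nc: '00000001',
}));
```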