Javascript Manual Authentication

I have read all the digest authentication messages and I have tried, but I have some problems. I have a restart with digest authentication, and I am trying to authenticate using the JavaScript API.

First, I do an XMLHttpRequest POST to the server (from the file:// in localhost:8111, so I have a CORS problem, but solved). The server responds with 401 and with WWW-Authenticate like this:

WWW-Authenticate:Digest realm="Guard", domain="/", nonce="MTMzOTA5Mjk1NTE2NDo0NzY2NjJiOTgyMjE1ZDc0OWU3NzM5MTkzMWNjNGQzNw==", algorithm=MD5, qop="auth" 

So I take this header and apply the digest authentication algorithm. First I create two vars, cnonce and nc:

    tokensObj["cnonce"] = 'bd5fd9b093dccaa1'; // (invented)
    tokensObj["nc"] = '00000001';

I create the "uri" parameter in my literal object (there is a "domain" in the server response :?): I take the "domain" value and put it under the "uri" key of my object.

After that, I do the algorithm:

    // MD5() and unquotes() are helper functions defined elsewhere in the script.
    var HA1 = MD5("login:Guard:mypassword");
    var HA2 = MD5("POST:/");
    var authResponse = MD5(HA1 + ':' +
        unquotes(tokensObj["nonce"]) + ':' +
        tokensObj["nc"] + ':' +
        tokensObj["cnonce"] + ':' +
        unquotes(tokensObj["qop"]) + ':' +
        HA2);
    // Values taken straight from tokensObj still carry the quotes from the challenge.
    var responseContentHeader = 'Digest username:"login"' +
        ', realm=' + tokensObj["realm"] +
        ', nonce=' + tokensObj["nonce"] +
        ', uri=' + tokensObj["domain"] +
        ', algorithm=' + tokensObj["algorithm"] +
        ', response="' + authResponse + '"' +
        ', qop=' + unquotes(tokensObj["qop"]) +
        ', nc=' + tokensObj["nc"] +
        ', cnonce="' + tokensObj["cnonce"] + '"';

and I call setRequestHeader("Authorization", responseContentHeader). So the final header sent to the server is:

 Authorization:Digest username:"login", realm="Guard", nonce="7d0c753c2fb4cdc9480403547952f1", uri="/", algorithm=MD5, response="e9d8ad8f04e42672f2c21d70257c1072", qop=auth, nc=00000001, cnonce="bd5fd9b093dccaa1" 

But it doesn't work: the server returns 401 again. All CORS headers are configured normally, so this is not a problem, server authentication, Chrome login and the header are checked. The authorization that he sets is the same (obviously the nonce is different).

Does someone think I can go? thanks

+6
1 answer

Error:

 Authorization:Digest username="login", realm="Guard", nonce="7d0c753c2fb4cdc9480403547952f1", uri="/", algorithm=MD5, response="e9d8ad8f04e42672f2c21d70257c1072", qop=auth, nc=00000001, cnonce="bd5fd9b093dccaa1" 
+3
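
Added example (not part of the question or the answer): a Node.js sketch of the whole exchange discussed above, parsing the challenge, computing the qop=auth response and emitting every parameter as name=value, including `username="..."`. It uses Node's built-in `crypto` for MD5 (a browser script needs its own MD5 helper, as in the question); the function names and the sample input, taken from the RFC 2617 example, are assumptions of this sketch.

```javascript
// Added example, not the poster's code. Node.js built-ins only.
const crypto = require('node:crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Parse 'Digest realm="Guard", nonce="...", algorithm=MD5, qop="auth"'
// into an object of unquoted values (keys lower-cased).
function parseChallenge(header) {
  const params = {};
  const re = /(\w+)=(?:"([^"]*)"|([^\s,]+))/g;
  for (const m of header.replace(/^Digest\s+/i, '').matchAll(re)) {
    params[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  return params;
}

// Build the Authorization value for qop=auth with MD5 (RFC 2617, section 3.2.2).
function buildAuthorization(challenge, { username, password, method, uri, nc = 1, cnonce }) {
  const c = parseChallenge(challenge);
  const qops = (c.qop || '').split(',').map((q) => q.trim());
  if (!qops.includes('auth')) throw new Error('server does not offer qop=auth');
  if (c.algorithm && c.algorithm.toUpperCase() !== 'MD5') {
    throw new Error('unsupported algorithm: ' + c.algorithm);
  }
  const ncHex = nc.toString(16).padStart(8, '0');
  const cn = cnonce || crypto.randomBytes(8).toString('hex'); // fresh per request
  const ha1 = md5(`${username}:${c.realm}:${password}`);
  const ha2 = md5(`${method}:${uri}`); // uri is the path actually requested
  const response = md5([ha1, c.nonce, ncHex, cn, 'auth', ha2].join(':'));
  const parts = [
    `username="${username}"`, // '=' between name and value, as for every parameter
    `realm="${c.realm}"`, `nonce="${c.nonce}"`, `uri="${uri}"`,
    'algorithm=MD5', `response="${response}"`,
    'qop=auth', `nc=${ncHex}`, `cnonce="${cn}"`,
  ];
  if (c.opaque !== undefined) parts.push(`opaque="${c.opaque}"`); // echo back if sent
  return 'Digest ' + parts.join(', ');
}

// Constructed input: challenge and credentials from the RFC 2617 example.
const sampleChallenge = 'Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';
const sampleHeader = buildAuthorization(sampleChallenge, {
  username: 'Mufasa', password: 'Circle Of Life', method: 'GET',
  uri: '/dir/index.html', nc: 1, cnonce: '0a4f113b',
});
console.log(sampleHeader);
```
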

Source: https://habr.com/ru/post/917549/
