I have a Java service that I need to use (can't modify it) and a web server that uses Digest HTTP authorization. I'm using HttpWebRequest to communicate with the server (with the GET method). The NetworkCredentials needed for authentication are provided. But invoking GetResponse() generates error 400 (Bad Request).

Address: http://info.server.com/someFolder/servlet.do?cmd=get_info&param=value

Request example (not complete, only relevant things):

GET /someFolder/servlet.do?cmd=get_info&param=value HTTP/1.1
Host: info.server.com

Response: 401 Authorization Required

Second request:

GET /someFolder/servlet.do?cmd=get_info&param=value HTTP/1.1
Host: info.server.com
Authorization: Digest ... uri="/someFolder/servlet.do" ... (not complete header obviously)

Second response: 400 Bad request

I've tried this request with Web browsers (IE, Firefox) and it works, but it seems that browsers put the whole request URI in the uri part of the Authorization header, while HttpWebRequest formats the header as above. Does anyone know how to force HttpWebRequest to put the entire URI in the Authorization header? Or maybe there is another solution to that problem?

Thanks for the help!

A: 

This article from 4GuysFromRolla appears to describe implementing Basic and Digest authentication for HttpWebRequest.

http://www.4guysfromrolla.com/articles/102605-1.aspx

Boo
A: 

We have the same problem, and have tracked it down to the URL in the Authorization header. It looks like HttpWebRequest sends only the hostname and not the full URL. It omits:

?cmd=get_info&param=value

from the URL. Both IE8 and Chrome use the full URL, including parameters.

We've been able to fix this with a custom implementation of the Digest authorization. See this answer.

Andomar
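
Added example, not code from either answer or from the pages they link to: RFC 2617 expects the uri directive to equal the Request-URI sent on the request line, query string included, and tells servers to answer 400 Bad Request when the two differ. This C# code builds the Authorization value by hand from Uri.PathAndQuery; the DigestHeader class, user name, password, realm and nonce are constructed placeholders, and it assumes the server offers qop=auth with the default MD5 algorithm.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class DigestHeader
{
    // Lowercase hex MD5, the default Digest algorithm in RFC 2617.
    static string Md5Hex(string s)
    {
        using (var md5 = MD5.Create())
        {
            var sb = new StringBuilder();
            foreach (byte b in md5.ComputeHash(Encoding.UTF8.GetBytes(s)))
                sb.Append(b.ToString("x2"));
            return sb.ToString();
        }
    }

    // Builds the Authorization value for qop=auth. The digest-uri is
    // Uri.PathAndQuery, the same string that goes on the request line,
    // so the server's comparison of the two succeeds.
    public static string Build(Uri url, string method, string user, string password,
                               string realm, string nonce, string cnonce, int nc)
    {
        string digestUri = url.PathAndQuery;   // path plus "?cmd=...&param=..."
        string ncHex = nc.ToString("x8");      // nonce count, 8 hex digits
        string ha1 = Md5Hex(user + ":" + realm + ":" + password);
        string ha2 = Md5Hex(method + ":" + digestUri);
        string response = Md5Hex(string.Join(":", ha1, nonce, ncHex, cnonce, "auth", ha2));
        return string.Format(
            "Digest username=\"{0}\", realm=\"{1}\", nonce=\"{2}\", uri=\"{3}\", " +
            "qop=auth, nc={4}, cnonce=\"{5}\", response=\"{6}\"",
            user, realm, nonce, digestUri, ncHex, cnonce, response);
    }

    static void Main()
    {
        // Constructed sample values. In real use, realm and nonce are parsed
        // from the WWW-Authenticate header of the 401 response.
        var url = new Uri("http://info.server.com/someFolder/servlet.do?cmd=get_info&param=value");
        var cnonceBytes = new byte[8];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(cnonceBytes);
        string cnonce = BitConverter.ToString(cnonceBytes).Replace("-", "").ToLowerInvariant();
        Console.WriteLine(Build(url, "GET", "user", "secret", "example-realm",
                                "constructed-nonce", cnonce, 1));
    }
}
```

If the 401 challenge carries an opaque value, it has to be echoed unchanged in the header as well; the value returned by Build is set as the Authorization header on the second request.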