I want to implement this, so I build a test app. The client sends in a POST
with no credentials and the HTTPCommandGet handler fires OK. I set the
response code to 401, add the 'Digest', nonce, algorithm, realm, opaque etc.
stuff to the WWW-Authenticate response headers and let it go, (actually, I
used the CustomHeaders for the WWW-A response - the built-in TidHeaderList
for authentication only seems to work for basic).
The HTTPCommandGet handler does not fire again.
The client, (TidHTTP), is receiving the POST response OK, parses/checks the
headers OK and opens a second connection to the server in an attempt to
authenticate with what I assume is the the appropriate digest but, since the
HTTPCommandGet is not fired and the request not handled, the connection is
dropped immediately by the server with the usual CCG exception at the
client.
The second connection does fire the HTTPServerConnect and
HTTPServerCreatePostStream handlers, but not the HTTPCommandGet.
I guess I can handle the second connection, together with the digest-check,
in the HTTPServerCreatePostStream, but should the HTTPCommandGet not fire
for this second connection?
Rgds,
Martin
