Browser Support for HTTP/1.1 Digest Authentication

As digest authentication is defined as a feature of the HTTP/1.1 protocol only those browsers will respond with MD5 digest user credentials. HTTP/1.0 browsers will respond with Base64 encoded user credentials.

Additionally, the browser must have HTTP/1.1 enabled in the user settings. Finally, if the user is passing through a proxy that is only capable of HTTP/1.0 then MD5 digest user credentials will not be used.

WanderWare will accept either form of authentication as requested by the client browser.

Browser versions known to support HTTP/1.1 are:

Internet Explorer 5.0+
Opera 4.0+
Lynx x.?

Note: While there have been mentions of problems in compliance with RFC 2069 in the implementation of digest authentication in Internet Explorer, this has not been our experience. In implementing the server side code for digest authentication in the isapi authentication filter, by referencing RFC 2069, it has been observed in instrumented testing that the authentication responses sent by Internet Explorer have been exactly those that would be expected from a compliant browser. Furthermore, despite following many leads, and contacting the author of the original article directly, we have not been able to find any published details documenting any failure with respect to compliance with RFC 2069 in Internet Explorer.


System Requirements
Performance Considerations
table of contents
full printable document





password protection ...
... industrial strength
distributed password protection
iis basic authentication
iis digest authentication

copyright(c) 2003
all rights reserved

design -