Posted On 05.11.1962
M9 1a8 8 0 1 0 0 16A8 8 0 0 0 9 1zm. Join Stack Overflow to learn, share knowledge, and build your career. M9 1a8 8 0 1 0 0 16A8 8 0 0 0 9 1zM8 15. Authproxy bitcoin application is protected by Basic Authentication.
Let’s say it is hosted on app. An HTTP proxy, in front of the application, requires authentication as well. After reading the specs, I’m not really sure on how I should implement this. The user makes an HTTP request to the proxy without any sort of authentication.
Question: Is this Proxy-Authenticate header correctly set? The client then retries the request with a Proxy-Authorization header, that is the Base64 representation of the proxy username:password. This time the proxy authenticates the request, but then the application answers with a 401 Unauthorized header. The user was authenticated by the proxy, but not by the application. Question: this header value is correct right? The client retries again the request with both a Proxy-Authorization header, and a Authorization header valued with the Base64 representation of the app’s username:password.
At this point, the proxy successfully authenticates the request, forwards the request to the application that authenticates the user as well. And the client finally gets a response back. But did you solved your problem? Why the question is still open? Since you just asked for a general validation of the approach I tried to add some additional color in my answer around other permutations of this setup. Yes, that looks like a valid workflow for the situation you described, and those Authenticate headers seem to be in the correct format.
It’s interesting to note that it’s possible, albeit unlikely, for a given connection to involve multiple proxies that are chained together, and each one can itself require authentication. The client then proceeds to create another SSL channel nested inside the first, over which it transfers the final HTTP message including the Authorization header. In this scenario the proxy only knows the host and port the client connected to, not what was transmitted or received over the inner SSL channel. If I didn’t understand your question it’s probably best to start a new top-level question rather than trying to explain further here. There’s room for more detail in a question than a comment. Not the answer you’re looking for?