Does Basic User Authentication require 2-Phase communiation?

RED SOFT ADAIR-StefanWoe asked:

My Application connects to the Internet to HTTP Services using boost::asio. Recently we added support for HTTP Proxys and Basic User Authentication. We implemented Basic User Authentication by just sending Authentication parameters with every HTTP call if a user configured a proxy in our program. Parameters are sent as described here:

Authorization: Basic <base64 Encoded username:password>

This works at least for one user and his proxy server. Other users report that their Proxy server replys with

407 Proxy Authentication Required

My guess is that some proxy servers accept 1 one phase authentication and that others don’t. I do not find any information that a 2 Phase communication is requested where the access always is denied for the first call by returning 407 and that only a second call is accepted.

Our program yet does not retry the call if a 407 has been returned. Do we have to add this?

I asked this question before on stackoverflow but did not get a sufficient answer.

My answer:

As made clear in RFC 2617 (which you should have already read) authenticating to a proxy requires that you send the Proxy-Authorization header, not the Authorization header which is used to authenticate to origin servers. It sounds like the one “working” proxy server you found was actually “buggy.”

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.