Microsoft Windows CE 3.0  

HTTP Authentication

This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

If authentication is required, the server sends a status code of 401 — if the server requires authentication, or 407 — if the proxy requires authentication. Along with the status code, the proxy or server sends one or more authenticate response headers — Proxy-Authenticate, for proxy authentication, or WWW-Authenticate, for server authentication.

Each authenticate response header contains an available authentication scheme and a realm. If multiple authentication schemes are supported, the server returns multiple authenticate response headers. The realm value is case-sensitive and defines a protection space on the proxy or server. For example, the header "WWW-Authenticate: Basic Realm=example" would be an example of a header returned when server authentication is needed.

The client application that sent the request can authenticate itself by including an Authorization header field with the request. The Authorization header would contain the authentication scheme and the appropriate response required by that scheme.

The Windows CE Internet functions support the Basic authentication scheme, which is based on the model that a client must authenticate itself with a user name and password for each realm. The server services the request if it is resent with an Authorization header that includes a valid user name and password.

For anything other than Basic authentication, you must use the Security Support Provider Interface(SSPI), which enables applications to access security DLLs called Security Support Providers(SSPs). The registry keys must be set up in addition to installing the appropriate DLL(s). For more information on setting these registry keys, see Registering Authentication Keys.

The application should call the HttpOpenRequestfunction if authentication is required. The INTERNET_FLAG_KEEP_CONNECTION flag should be used for NTLM and other types of authentication to maintain the connection while completing the authentication process. If the connection is not maintained, the authentication process must be restarted with the proxy or server.

InternetOpenUrland HttpSendRequestcomplete successfully even when authentication is required. However, the data returned in the header files and InternetReadFilewould receive an HTML page informing the user of the status code.

 Last updated on Friday, April 02, 2004

© 2004 Microsoft Corporation. All rights reserved.