test2026 (5237B)
1 <testcase> 2 <info> 3 <keywords> 4 HTTP 5 HTTP GET 6 HTTP Basic auth 7 HTTP Digest auth 8 </keywords> 9 </info> 10 # Server-side 11 <reply> 12 13 <!-- Alternate the order that Basic and Digest headers appear in responses to 14 ensure that the order doesn't matter. --> 15 16 <!-- First request has Digest auth, wrong password --> 17 <data100> 18 HTTP/1.1 401 Need Basic or Digest auth 19 Server: Microsoft-IIS/5.0 20 Content-Type: text/html; charset=iso-8859-1 21 Content-Length: 27 22 WWW-Authenticate: Digest realm="testrealm", nonce="1" 23 WWW-Authenticate: Basic realm="testrealm" 24 25 This is not the real page! 26 </data100> 27 28 <data1100> 29 HTTP/1.1 401 Sorry wrong password 30 Server: Microsoft-IIS/5.0 31 Content-Type: text/html; charset=iso-8859-1 32 Content-Length: 29 33 WWW-Authenticate: Basic realm="testrealm" 34 WWW-Authenticate: Digest realm="testrealm", nonce="2" 35 36 This is a bad password page! 37 </data1100> 38 39 <!-- Second request has Basic auth, right password --> 40 <data200> 41 HTTP/1.1 200 Things are fine in server land 42 Server: Microsoft-IIS/5.0 43 Content-Type: text/html; charset=iso-8859-1 44 Content-Length: 32 45 46 Finally, this is the real page! 47 </data200> 48 49 <!-- Third request has Digest auth, wrong password --> 50 <data300> 51 HTTP/1.1 401 Need Basic or Digest auth (2) 52 Server: Microsoft-IIS/5.0 53 Content-Type: text/html; charset=iso-8859-1 54 Content-Length: 27 55 WWW-Authenticate: Digest realm="testrealm", nonce="3" 56 WWW-Authenticate: Basic realm="testrealm" 57 58 This is not the real page! 59 </data300> 60 61 <data1300> 62 HTTP/1.1 401 Sorry wrong password (2) 63 Server: Microsoft-IIS/5.0 64 Content-Type: text/html; charset=iso-8859-1 65 Content-Length: 29 66 WWW-Authenticate: Basic realm="testrealm" 67 WWW-Authenticate: Digest realm="testrealm", nonce="4" 68 69 This is a bad password page! 70 </data1300> 71 72 <!-- Fourth request has Basic auth, wrong password --> 73 <data400> 74 HTTP/1.1 401 Sorry wrong password (3) 75 Server: Microsoft-IIS/5.0 76 Content-Type: text/html; charset=iso-8859-1 77 Content-Length: 29 78 WWW-Authenticate: Digest realm="testrealm", nonce="5" 79 WWW-Authenticate: Basic realm="testrealm" 80 81 This is a bad password page! 82 </data400> 83 84 <!-- Fifth request has Basic auth, right password --> 85 <data500> 86 HTTP/1.1 200 Things are fine in server land (2) 87 Server: Microsoft-IIS/5.0 88 Content-Type: text/html; charset=iso-8859-1 89 Content-Length: 32 90 91 Finally, this is the real page! 92 </data500> 93 94 <datacheck> 95 HTTP/1.1 401 Need Basic or Digest auth 96 Server: Microsoft-IIS/5.0 97 Content-Type: text/html; charset=iso-8859-1 98 Content-Length: 27 99 WWW-Authenticate: Digest realm="testrealm", nonce="1" 100 WWW-Authenticate: Basic realm="testrealm" 101 102 HTTP/1.1 401 Sorry wrong password 103 Server: Microsoft-IIS/5.0 104 Content-Type: text/html; charset=iso-8859-1 105 Content-Length: 29 106 WWW-Authenticate: Basic realm="testrealm" 107 WWW-Authenticate: Digest realm="testrealm", nonce="2" 108 109 This is a bad password page! 110 HTTP/1.1 200 Things are fine in server land 111 Server: Microsoft-IIS/5.0 112 Content-Type: text/html; charset=iso-8859-1 113 Content-Length: 32 114 115 Finally, this is the real page! 116 HTTP/1.1 401 Need Basic or Digest auth (2) 117 Server: Microsoft-IIS/5.0 118 Content-Type: text/html; charset=iso-8859-1 119 Content-Length: 27 120 WWW-Authenticate: Digest realm="testrealm", nonce="3" 121 WWW-Authenticate: Basic realm="testrealm" 122 123 HTTP/1.1 401 Sorry wrong password (2) 124 Server: Microsoft-IIS/5.0 125 Content-Type: text/html; charset=iso-8859-1 126 Content-Length: 29 127 WWW-Authenticate: Basic realm="testrealm" 128 WWW-Authenticate: Digest realm="testrealm", nonce="4" 129 130 This is a bad password page! 131 HTTP/1.1 401 Sorry wrong password (3) 132 Server: Microsoft-IIS/5.0 133 Content-Type: text/html; charset=iso-8859-1 134 Content-Length: 29 135 WWW-Authenticate: Digest realm="testrealm", nonce="5" 136 WWW-Authenticate: Basic realm="testrealm" 137 138 This is a bad password page! 139 HTTP/1.1 200 Things are fine in server land (2) 140 Server: Microsoft-IIS/5.0 141 Content-Type: text/html; charset=iso-8859-1 142 Content-Length: 32 143 144 Finally, this is the real page! 145 </datacheck> 146 147 </reply> 148 149 # Client-side 150 <client> 151 <server> 152 http 153 </server> 154 <features> 155 !SSPI 156 crypto 157 digest 158 </features> 159 <tool> 160 lib2023 161 </tool> 162 163 <name> 164 HTTP authorization retry (Digest switching to Basic) 165 </name> 166 <command> 167 http://%HOSTIP:%HTTPPORT/%TESTNUMBER digest basic 168 </command> 169 </client> 170 171 # Verify data after the test has been "shot" 172 <verify> 173 <protocol> 174 GET /%TESTNUMBER0100 HTTP/1.1 175 Host: %HOSTIP:%HTTPPORT 176 Accept: */* 177 178 GET /%TESTNUMBER0100 HTTP/1.1 179 Host: %HOSTIP:%HTTPPORT 180 Authorization: Digest username="testuser", realm="testrealm", nonce="1", uri="/%TESTNUMBER0100", response="5f992a2e761ab926256419f7c685f85b" 181 Accept: */* 182 183 GET /%TESTNUMBER0200 HTTP/1.1 184 Host: %HOSTIP:%HTTPPORT 185 Authorization: Basic %b64[testuser:testpass]b64% 186 Accept: */* 187 188 GET /%TESTNUMBER0300 HTTP/1.1 189 Host: %HOSTIP:%HTTPPORT 190 Accept: */* 191 192 GET /%TESTNUMBER0300 HTTP/1.1 193 Host: %HOSTIP:%HTTPPORT 194 Authorization: Digest username="testuser", realm="testrealm", nonce="3", uri="/%TESTNUMBER0300", response="132242e602882251929be93228c830ae" 195 Accept: */* 196 197 GET /%TESTNUMBER0400 HTTP/1.1 198 Host: %HOSTIP:%HTTPPORT 199 Authorization: Basic %b64[testuser:wrongpass]b64% 200 Accept: */* 201 202 GET /%TESTNUMBER0500 HTTP/1.1 203 Host: %HOSTIP:%HTTPPORT 204 Authorization: Basic %b64[testuser:testpass]b64% 205 Accept: */* 206 207 </protocol> 208 </verify> 209 </testcase>