Thread: Authorized REGISTER Request (and 401 Response)




Authorized REGISTER Request (and 401 Response)
user name
2006-08-30 06:28:28
Hi,

I sent a REGISTER request and I got a 401 response from the server.

Then I sent an authorized REGISTER request to the server with the "Authorization" header field.
I just want to know whether the sequence of sub-fields like cnonce, uri, nonce etc. in the "Authorization" header matters?
Is there any specific sequence with which I should fill the "Authorization" header?

Also I'm getting "stale=false", "qop=auth" etc. in the 401 response.
Hence it is a must to send qop in the authorized REGISTER request. And I'm calculating the response using the MD5 algorithm. Then I'm sending the authorized REGISTER request again to the server. But the server is again responding with a 401 response filling "stale=false", "qop=auth".
There is not much difference in the "WWW-Authenticate" header of both 401 responses.

Can anybody tell me why the server is sending a 401 response again instead of "200OK"?

Waiting for your reply,

---Sumit

_______________________________________________
Sip-implementors mailing list
Sip-implementorscs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
Authorized REGISTER Request (and 401 Response)
user name
2006-08-30 08:07:01
I see that you've been stuck on this for a while now, so let me try to give it a shot.

sumitvaftek.com wrote:
> I just want to know whether the sequence of sub fields like
> cnonce,uri,nonce etc in "Authorization" header matter?

No, the order of the parameters doesn't matter. But be careful of these:
- some parameter values need to be quoted and some are not (see the ABNF grammar in RFC 2617), so make sure you follow the correct rule because some servers are picky about this.
- the presence of "qop" requires sending additional parameters (for example "cnonce" and "nc") which normally MUST NOT be sent.


> Also I'm getting "stale=false","qop=auth" etc in 401 response.
> Hence it is must to send qop in authorized REGISTER request. And I'm
> calculating response using MD5 algorithm.

The "stale=false" indicates that the response digest (the "response" parameter in your Authorization header) is incorrect. Be aware that when the "qop" parameter is present, the digest is calculated differently than when "qop" is not present.

When "qop" is present, your response should be calculated as:
   response = MD5(ha1 ":" nonce ":" nc ":" cnonce ":" qop ":" ha2)

while normally, when "qop" is not present, your response will be calculated as:
   response = MD5(ha1 ":" nonce ":" ha2)

where:
   ha1 = MD5(username ":" realm ":" password)
   ha2 = MD5(method ":" req_uri)

Also be careful when calculating the digest: make sure you properly un-quote the quoted parameters before feeding them to your digest calculation.

>
> Can anybody tell me why server is sending 401 response again instead of
> "200OK"?

There are lots of things that can go wrong, and from where I'm sitting now it's just impossible to determine what exactly has caused the failure.

But my suggestion now is to try your authentication function with other server implementations that don't require "qop" in the challenge, just to see if your base authentication implementation (without "qop") works.

cheers,
-benny
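
The two response formulas from the reply above, as an added Python example (not code from either poster): it un-quotes the challenge parameters, computes the response with and without "qop", and builds the Authorization value with the RFC 2617 quoting rules. The challenge, user name, password and URI at the bottom are constructed sample values, and only qop=auth with MD5 is handled.

```python
import hashlib
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(value):
    """Split a Digest challenge into a dict and un-quote quoted values."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))', params)
    return {k.lower(): t if t else re.sub(r"\\(.)", r"\1", q) for k, q, t in pairs}

def digest_response(chal, username, password, method, uri, cnonce=None, nc=1):
    """Return (response, qop, nc_text); qop and nc_text are None without qop."""
    ha1 = md5_hex(f"{username}:{chal['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    offered = [q.strip() for q in chal.get("qop", "").split(",") if q.strip()]
    if not offered:
        # No qop in the challenge: the short form from the reply above.
        return md5_hex(f"{ha1}:{chal['nonce']}:{ha2}"), None, None
    if "auth" not in offered:
        raise ValueError("this example only handles qop=auth")
    if not cnonce:
        raise ValueError("cnonce is required when qop is present")
    nc_text = f"{nc:08x}"  # nc is sent as eight hex digits
    joined = f"{ha1}:{chal['nonce']}:{nc_text}:{cnonce}:auth:{ha2}"
    return md5_hex(joined), "auth", nc_text

def authorization_header(chal, username, password, method, uri, cnonce=None, nc=1):
    """Build the Authorization value: strings quoted, qop/nc/algorithm unquoted."""
    response, qop, nc_text = digest_response(chal, username, password, method, uri, cnonce, nc)
    parts = [f'username="{username}"', f'realm="{chal["realm"]}"',
             f'nonce="{chal["nonce"]}"', f'uri="{uri}"', f'response="{response}"']
    if "algorithm" in chal:
        parts.append(f"algorithm={chal['algorithm']}")  # token, not quoted
    if "opaque" in chal:
        parts.append(f'opaque="{chal["opaque"]}"')
    if qop:
        # cnonce and nc are sent only when the challenge carried qop
        parts += [f"qop={qop}", f"nc={nc_text}", f'cnonce="{cnonce}"']
    return "Digest " + ", ".join(parts)

# Constructed sample challenge (not taken from the thread).
CHALLENGE = 'Digest realm="example.test", nonce="abc123", qop="auth", stale=false, algorithm=MD5'
if __name__ == "__main__":
    chal = parse_challenge(CHALLENGE)
    print(authorization_header(chal, "alice", "secret", "REGISTER", "sip:example.test", cnonce="0a4f113b"))
```
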
