Websocket digest authentication

Dec 30, 2014 at 6:55 AM
Hi,

is it possible to connect to a websocket which needs digest authentication?

My websocket uri is ws://host/websocketpath but first a authentication is needed which needs the uri http://host/websocketpath.

best regards
Michael
Coordinator
Dec 30, 2014 at 5:38 PM
Hi Michael,

I haven't tried it out yet, but I think it should be possible. The library doesn't have any high level support for authentication with our websocket client, but you can specify the request headers to use during the initial HTTP request to upgrade to the websocket protocol. There you could put in the WWW-Authenticate header yourself.

Take a look at the websocket_client_config::headers() API to add request headers. Let me know how it goes.

Steve
Jan 2, 2015 at 7:21 AM
Hi,

thanks for the reply.
You are right, the websocketpp libraray doesn't support an authentication during the handshake, although the websocket standard (RFC6455) specifies that it should be possible to handle responses from the server with different http status codes than 101.

I haven't tried it with the headers but I don't think it would work because of the challenge response architecture of the digest authentication.

Maybe it's possible to add the handling of http status codes different than 101 to the websocketpp library.

regards
Michael
Coordinator
Jan 2, 2015 at 7:16 PM
Hi Michael,

Yes I agree the ideal situation would be handling the request challenge pattern, however it might still work so I would try it out. The server might see the credentials are already present and decide not to challenge.

If you figure out a better way to do this it might be valuable to contribute it back to the library.

Thanks,
Steve