When I tested this I noticed Firefox can handle both proxy authentication and www authentication (e.g. both Negotiate) whereas IE7 did not. It was sending only one, either proxy or www authentication, which I would classify as a bug.

Markus

"Neil A. Hillard" <neil.hillard@xxxxxxxxxxxxxxxxxx> wrote in message news:46A852D0.2010401@xxxxxxxxxxxx
> Matt,
>
> Matthew Smith wrote:
>> Hello!
>>
>> Is it correct to say that a response can only have one authenticate in
>> the headers? That a request containing a WWW-Authenticate cannot have a
>> Proxy-Authenticate as well?
>>
>> If I have a site which requires authentication with a given scheme, am I
>> right to assume that the only way an authenticating proxy between the
>> site and the user can use authentication is if the authentication tokens
>> sent by the user are the same for the proxy and the site? Is basic
>> authentication the only auth system that can be chained in this way?
>>
>> Lastly, assuming a proxy with no auth, is it now possible to have a
>> WWW-Authenticate using the NTLM scheme pass through a squid proxy? In the
>> past I believe the answer is no, but I want to be sure nothing has
>> changed since.
>
> I wouldn't have thought a response could contain both headers. But what
> would happen is the request would be sent to the proxy, you'd
> authenticate, then the request would be forwarded to the target site
> which would then request authentication.
>
> A request can have both headers. As long as your clients are aware of
> the proxy then they will happily authenticate to it (with
> Proxy-Authorization) and then authenticate to the target website (with
> Authorization).
>
>
> Neil.
>
> --
> Neil Hillard neil.hillard@xxxxxxxxxxxxxxxxxx
> AgustaWestland http://www.whl.co.uk/
>
> Disclaimer: This message does not necessarily reflect the
> views of Westland Helicopters Ltd.
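
The chained flow discussed in this thread, as an added example that is not part of any poster's message: an in-memory proxy and origin each issue their own challenge (407 then 401), and the final request carries both `Proxy-Authorization` and `Authorization`. Assumptions: the Basic scheme is used for brevity, the user table and passwords are constructed, and the proxy consumes `Proxy-Authorization` as a hop-by-hop header before forwarding.

```python
import base64

# Constructed credentials for the demo (assumptions, not from the thread).
PROXY_USERS = {"alice": "proxy-pass"}
SITE_USERS = {"alice": "site-pass"}

def basic(user, password):
    """Build a Basic credential value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def check_basic(value, users):
    """Return True if a Basic credential matches the given user table."""
    if not value or not value.startswith("Basic "):
        return False
    try:
        user, _, password = base64.b64decode(value[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return users.get(user) == password

def origin(headers):
    """Origin server: challenges with 401 / WWW-Authenticate."""
    if not check_basic(headers.get("Authorization"), SITE_USERS):
        return 401, {"WWW-Authenticate": 'Basic realm="site"'}, headers
    return 200, {}, headers

def proxy(headers):
    """Authenticating proxy: challenges with 407 / Proxy-Authenticate."""
    if not check_basic(headers.get("Proxy-Authorization"), PROXY_USERS):
        return 407, {"Proxy-Authenticate": 'Basic realm="proxy"'}, None
    # Hop-by-hop header: the proxy consumes it and forwards the rest.
    forwarded = {k: v for k, v in headers.items() if k != "Proxy-Authorization"}
    return origin(forwarded)

def fetch():
    """Client loop: answer each challenge with the matching request header."""
    headers, trace = {}, []
    for _ in range(3):
        status, resp, seen_by_origin = proxy(headers)
        trace.append((status, sorted(resp), sorted(headers)))
        if status == 407:
            headers["Proxy-Authorization"] = basic("alice", "proxy-pass")
        elif status == 401:
            headers["Authorization"] = basic("alice", "site-pass")
        else:
            return trace, seen_by_origin
    return trace, None
```

Each entry in the trace is (status, challenge headers in the response, credential headers in the request), so it shows one challenge per response and both credentials in the last request.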