Problems with wms layer manager and .net service with digest authorization

[NoCk]

I have problems with wms layer manager and a iis service with digest authorization. All time response 401 Error.
If I try getcapabilities in the browser, it works fine. I recieve a form for write user and password, I write correctly the user and password, and finally I recieve the xml.
But, if I try with wms layer manager I recieve the form for write user and password all time, although the user and password have been types correctly.

[what_nick]

WMS code in worldwind is not designed with authenticated services in mind. Are you using the demo WMS code ? We added support for basic auth and https. For digest auth you will have to use :

URLConnection uc = url.openConnection();
uc.setRequestProperty ("Authorization", "Digest " + encoding);

Where encoding is generated with md5, sha1 or whichever digest provider you use on the server side as shown here:

http://download.oracle.com/javase/6/...http-auth.html

See here on how to generate the digest on the client side once the Authentication scheme has been identified:

http://stackoverflow.com/questions/4...5-hash-in-java

Cheers,

whatnick.

[NoCk]

Thank you.

But I have the same problem. IIS 6.0 with win2003 use MD5-sess and I don't know how to get the request body. I found some examples which explain how to get the request header with md5-sess (http://svn.apache.org/repos/asf/http...estScheme.java) and I need to get the getcapabilities.

I hope the answer from someone with more knowledge about java than me.

[NoCk]

I have found a solution for authentication md5-sess:

* First step: Calculate nonce and realm with a request:

HttpClient client = new HttpClient();
GetMethod getMethod = new GetMethod(host+urlStr+parameters);
client.executeMethod(getMethod);
Header wwAuthHeader = getMethod.getResponseHeader("WWW-Authenticate");
for (HeaderElement element : wwAuthHeader.getElements())
{
if(element.getName().equals("nonce"))
nonce = element.getValue();
if(element.getName().equals("realm"))
realm = element.getValue();
}


*Second step: Calculate response:

String user = "usuario";
String password = "contrasenia";
String cnonce = "inventado";
String nc = "00000001";
String qop = "auth";
String A1 = MD5Encrypt(user+":"+realm+":"+password)+ ":"+nonce+":"+cnonce;
String response = MD5Encrypt(MD5Encrypt(A1)+":"+nonce+":"+ nc+":"+cnonce+":"+qop+":"+ MD5Encrypt("GET:"+urlStr));

* The function MD5Encrypt is:
private String MD5Encrypt(String text)
{
try
{
byte b[] = java.security.MessageDigest.getInstance( "MD5").digest((text).getBytes());
java.math.BigInteger bi = new java.math.BigInteger(1,b);
String s = bi.toString(16);
while(s.length() < 32)
s="0"+s;
return s;
}
catch(Exception e)
{
e.printStackTrace();
}
}


* Third step: Perform the GetCapabilities request and save in a xml:

URL url = new URL(urlStr);
URLConnection urlCon = url.openConnection();
String header = "username=\""+user+"\",realm=\""+realm+" \",nonce=\""+nonce+"\",uri=\""+urlStr+"\ ",cnonce=\""+cnonce+"\",nc="+nc+",algori thm=MD5-sess,response=\""+response+"\",qop=\""+q op+"\",charset=utf-8";
urlCon.setRequestProperty("Authorization ", "Digest "+header);

InputStream is = urlCon.getInputStream();
FileOutputStream fos = new FileOutputStream("C:/temp.xml");

byte[] array = new byte[1000];
int step = is.read(array);
while (step > 0)
{
fos.write(array, 0, step);
step = is.read(array);
}
is.close();
fos.close();


* But, now, this is my question: How to avoid IE prompt to send the request code as shown above?