Input Buffers for the Digest Challenge Response
HTTP authentication using Microsoft Digest requires three input buffers to generate a challenge response. The following table summarizes these buffers.
| Buffer number | Contains | Buffer type |
|---|---|---|
| 0 | Challenge received from the Server | SECBUFFER_TOKEN |
| 1 | HTTP Method | SECBUFFER_PARAMS |
| 2 | H(Entity) | SECBUFFER_PARAMS |
| 3 | The service principal name (SPN) of the target server. | SECBUFFER_TARGET_HOST | SECBUFFER_READONLY |
| 4 | Channel bindings token values | SECBUFFER_CHANNEL_BINDINGS | SECBUFFER_READONLY |
Buffer zero contains the Digest challenge received from the server in response to the initial request for an access-protected resource.
Buffer 1 contains the string representation of the method, such as "GET" or "POST". The method is used in the calculation of A2, as described in RFC 2617.
Buffer 2 is the MD5 hash of the message's entity-body as described in RFC 2617.
Buffer 3 contains the SPN of the target server in UTF-8 formatting when Digest is used with channel bindings.
Buffer 4 contains the channel binding token value when Digest is used with channel bindings.
Input Buffers for SASL
Supply buffer zero only. For compatibility with other SSPs, you may call InitializeSecurityContext (Digest) without a valid server challenge. In this case the pInput parameter should be set to NULL.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for