Contents of a Digest Challenge
The size of a Digest Access challenge must be less than 2048 bytes. The following example shows a challenge assigned to the character string szChallenge.
```c
/* One string: directives separated by commas, embedded quotes escaped. */
char szChallenge[] = "realm=\"Microsoft_Example_Forest\", "
                     "algorithm=\"MD5-sess\", qop=\"auth\", nonce=\"0123456789abcdef\"";
```
Note
The challenge string is enclosed in double quotes and contains embedded double quotes. Embedded double quotes must be preceded (escaped) with a backslash (\).
A Digest challenge can contain the following directives.
Directive | Description |
---|---|
realm | An implementation-defined hint to the client about which credentials are required. The client should display this information to the user if it is prompting for credentials. |
algorithm | Microsoft Digest supports MD5 and MD5-Sess. For optimal performance, use MD5-Sess. |
qop | This directive can be set to auth, auth-int, or auth-conf. For more information, see Quality of Protection and Ciphers. |
nonce | A unique encoded value generated by the server for each challenge. This value must not be altered by the client. |
opaque | Contains a reference for the security context that is being established. For more information, see Maintaining the Security Context Between Connections. |
cipher (SASL only) | The list of ciphers that the server supports. This element can be present in a Digest SASL challenge only if the qop directive specifies auth-conf. For more information, see Quality of Protection and Ciphers. |
charset | This directive can be set to utf-8 if the server can process UTF-8–encoded user names and realms. If the client understands the charset directive, it can respond by using UTF-8–encoded values. |
Microsoft Digest generates the Digest challenge string for server applications. For details, see Generating the Digest Challenge.
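The following is an added example, not code from this page or from Microsoft Digest: a checker that applies the rules stated above to a received challenge string (size under 2048 bytes, algorithm limited to MD5 or MD5-sess, qop limited to auth, auth-int, or auth-conf, and cipher allowed only when qop specifies auth-conf). The function name `check_digest_challenge` and the `CH_*` result codes are hypothetical, and the example assumes that directive values compare case-insensitively and that qop may carry a comma-separated list, as in RFC 2617 and RFC 2831.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */
enum { CH_OK, CH_TOO_LONG, CH_SYNTAX, CH_BAD_ALGORITHM, CH_BAD_QOP, CH_CIPHER_NO_CONF };

/* Copy one value (quoted-string or bare token) into out. Returns the position
 * just past it, or NULL if a quote is unterminated or the value does not fit. */
static const char *read_value(const char *p, char *out, size_t cap) {
    size_t n = 0;
    if (*p == '"') {
        for (p++; *p != '"'; p++) {
            if (*p == '\\') p++;                 /* backslash-escaped character */
            if (*p == '\0' || n + 1 >= cap) return NULL;
            out[n++] = *p;
        }
        p++;                                     /* skip closing quote */
    } else {
        while (*p && *p != ',' && !isspace((unsigned char)*p)) {
            if (n + 1 >= cap) return NULL;
            out[n++] = *p++;
        }
    }
    out[n] = '\0';
    return p;
}

/* Validate a challenge string against the rules in the directive table. */
int check_digest_challenge(const char *s) {
    char name[32], val[2048];
    int has_cipher = 0, has_conf = 0;
    if (strlen(s) >= 2048) return CH_TOO_LONG;   /* must be less than 2048 bytes */
    for (;;) {
        size_t n = 0;
        while (*s == ',' || isspace((unsigned char)*s)) s++;
        if (*s == '\0') break;
        while (*s && *s != '=' && n + 1 < sizeof name) name[n++] = *s++;
        name[n] = '\0';
        if (*s++ != '=' || !(s = read_value(s, val, sizeof val))) return CH_SYNTAX;
        if (!strcasecmp(name, "algorithm")) {
            if (strcasecmp(val, "MD5") && strcasecmp(val, "MD5-sess")) return CH_BAD_ALGORITHM;
        } else if (!strcasecmp(name, "qop")) {   /* one value or a comma-separated list */
            for (char *t = strtok(val, ", "); t; t = strtok(NULL, ", ")) {
                if (!strcasecmp(t, "auth-conf")) has_conf = 1;
                else if (strcasecmp(t, "auth") && strcasecmp(t, "auth-int")) return CH_BAD_QOP;
            }
        } else if (!strcasecmp(name, "cipher")) has_cipher = 1;
    }
    return (has_cipher && !has_conf) ? CH_CIPHER_NO_CONF : CH_OK;  /* cipher needs auth-conf */
}
```

The cipher rule is evaluated after the whole string has been read, so the result does not depend on whether cipher appears before or after qop.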