#1 Reusing server nonce when doing digest authentication

[Maximilian Winkler]

This is not a bug report ;-)

I have noticed that CalDavSynchronizer does not reuse the server nonce value when authenticating. For subsequent requests this results in a lot of 'HTTP/1.1 401 Unauthorized' responses from the server.

The first client request without authentication is anwered with a nonce generated by the server:

WWW-Authenticate: Digest realm="Group-Office",qop="auth",nonce="56430a62d3d90",opaque="df58bdff8cf60599c939187d0b5c54de"

Using this value the client calculates a response value with additional items (username, password, uri, request counter etc.)

Currently, CalDavSynchronizer does it this way when syncing a single entity:

PROPFIND
Server: 401
PROPFIND with Authorization
Server: 207
REPORT
Server: 401
REPORT with Authorization
Server: 207
PUT
Server: 401
PUT with Authorization
Server: 204
GET
Server: 401
GET with Authorization
Server: 200

The necessary communication could be reduced to:

PROPFIND with Authorization
Server: 207
REPORT with Authorization
Server: 207
PUT with Authorization
Server: 204
GET with Authorization
Server: 200

I know this has no impact when syncing a single entity, but it helps to take load from the server when syncing a lot of entities. Just a possible improvement ...

[Alexander Nimmervoll]

The problem is the .net implementation itself, we would need to use some DigestAuthFixer Helper class similar to http://stackoverflow.com/questions/3109507/httpwebrequests-sends-parameterless-uri-in-authorization-header

[Maximilian Winkler]

Ah, yes I understand. It is interesting that .net doesn't support reusing the nonce natively.

[Alexander Nimmervoll]

Ticket moved from /p/outlookcaldavsynchronizer/tickets/122/