[SIPForum-discussion] How to validate authentication using HTTP digest authentication
Tomasz Karbowski
tom170 at o2.pl
Fri Sep 5 20:46:28 UTC 2014
Dear Kamrul,
Please follow this link :
http://en.wikipedia.org/wiki/Digest_access_authentication
Small explanation below :
Dialer registers user user3 with password 3.
After sending REGISTER we get following 407 proxy auth :
Proxy-Authenticate: DIGEST realm="SoftSwitch",
nonce="06e5087c107ba90e09210900901581001501"
Then its needed to calculate 3 values HA1 HA2 and response :
1. HA1=MD5(A1)=MD5(username:realm:password) = MD5(user3:SoftSwitch:3) =
796fbd6779a25e223ec08293d1f6e2b2
2. HA2=MD5(A2)=MD5(method:digestURI) = MD5(REGISTER:sip:37.38.157.28:5060)
= 9f7b2230b13f7b5fe6a122d6cbc2e2e8
3. response=MD5(HA1:nonce:HA2) = MD5(796fbd6779a25e223ec08293d1f6e2b2:
06e5087c107ba90e09210900901581001501:9f7b2230b13f7b5fe6a122d6cbc2e2e8) =
f6ac6de2278f90c3438b0476c0f5dd36
The dialer response also was follwoing :
Proxy-Authorization: Digest username="user3", realm="SoftSwitch",
nonce="06e5087c107ba90e09210900901581001501", uri="sip:37.38.157.28:5060",
response="f6ac6de2278f90c3438b0476c0f5dd36 "
Server needs to get the username given by dialer, password from DB and
recalculate response on his side if it match then user is authorized.
Best regards,
Tom
W dniu .08.2014 o 20:01 Kamrul Khan <dodul at live.com> pisze:
> Hi,
>
> I am testing my sip dialer usingHTTP digest authentication in the server
> side. Now, the response my dialer is sending is,
>
> Digest username="bob", realm="192.168.146.133", nonce="5e954418",
> uri="sip:192.168.146.133", >response="ec221690633f2ae691669c4083832fd8",
> algorithm=MD5
>
> However, the original password that I set was 1234 and the md5 value of
> 1234 is 81dc9bdb52d04dc20036dbd8313ed055 >(according to
> http://www.miraclesalad.com/webtools/md5.php) Now how do I match the
> password? Someone please help.
>
> BR//Kamrul
--
Używam klienta poczty Opera Mail: http://www.opera.com/mail/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20140905/0f81aafb/attachment-0002.html>
More information about the discussion
mailing list