There looks to be a bug with the HttpServerAPIKnownHeaders array in the http_windows_server.cpp file (Casablanca v1.4).
I discovered this while trying out the http_listener with basic authentication. I could not get it to work. IE kept popping up the "Enter your credentials..." dialog.
Utilizing Fiddler, I could see the "Authorization" header being sent. However, when debugging and stepping through the code I could not find the "Authorization" header in the headers collection that is a part of the http_request class. Strangely, I kept seeing "Accept-Authorization".
Some more digging lead me to HttpServerAPIKnownHeaders. This array is being used by the function parse_http_headers in constructing the http_request. Index 24 of the array reads "Accept-Authorization". So when the "known" header "Authorization" comes in at index 24, the parse_http_headers function is adding "Accept-Authorization" to the headers collection instead of "Authorization".
So if you look for the "Authorization" header as part of a basic authentication routine, you'll never find it.
The documentation on HTTP_HEADER_ID explains the values of the known headers.(http://msdn.microsoft.com/en-us/library/windows/desktop/aa364526(v=vs.85).aspx)
I've included a simple code example:
```
bool MyListener::is_authorized(http_request request)
{
if (!request.headers().has(web::http::header_names::authorization)) return false;
//Header was found....
return true;
}
void MyListener::handle_get(http_request message)
{
if (!is_authorized(message))
{
http_response response(status_codes::Unauthorized);
response.headers().add(web::http::header_names::www_authenticate, "Basic realm=\"test\"");
message.reply(response);
return;
}
message.reply(status_codes::OK, U("success"));
};
```
Comments: Fixed in 2.0.0 release.
I discovered this while trying out the http_listener with basic authentication. I could not get it to work. IE kept popping up the "Enter your credentials..." dialog.
Utilizing Fiddler, I could see the "Authorization" header being sent. However, when debugging and stepping through the code I could not find the "Authorization" header in the headers collection that is a part of the http_request class. Strangely, I kept seeing "Accept-Authorization".
Some more digging lead me to HttpServerAPIKnownHeaders. This array is being used by the function parse_http_headers in constructing the http_request. Index 24 of the array reads "Accept-Authorization". So when the "known" header "Authorization" comes in at index 24, the parse_http_headers function is adding "Accept-Authorization" to the headers collection instead of "Authorization".
So if you look for the "Authorization" header as part of a basic authentication routine, you'll never find it.
The documentation on HTTP_HEADER_ID explains the values of the known headers.(http://msdn.microsoft.com/en-us/library/windows/desktop/aa364526(v=vs.85).aspx)
I've included a simple code example:
```
bool MyListener::is_authorized(http_request request)
{
if (!request.headers().has(web::http::header_names::authorization)) return false;
//Header was found....
return true;
}
void MyListener::handle_get(http_request message)
{
if (!is_authorized(message))
{
http_response response(status_codes::Unauthorized);
response.headers().add(web::http::header_names::www_authenticate, "Basic realm=\"test\"");
message.reply(response);
return;
}
message.reply(status_codes::OK, U("success"));
};
```
Comments: Fixed in 2.0.0 release.