2.2.9.1.3.1.1 HTTP Headers

The request includes a number of fields in the HTTP message headers. The fields MUST follow the rules specified in [RFC2616] section 4.2.

Tokens

Content-Length:  Contains the size, in bytes, of the message body. It MUST be present.

Authorization:  Contains the CredSSP messages as defined according to the CredSSP protocol specified in [MS-CSSP] section 2.

 Authorization  = "Authorization" ":" credentials
  
 credentials = "CredSSP" auth-data2
 auth-data2  = 1#( CredSSP-Protocol-Data )

Where CredSSP-Protocol-Data is the base64 encoding of TLS encrypted CredSSP protocol messages specified in [MS-CSSP]. A sample message exchange is described in [MS-CSSP] section 4. The client MUST include the Authorization field in the request until the Web Services Management Protocol Extensions for Windows Vista service responds with a "200 OK" response, indicating that the security context is complete.

Content-Type:  Contains the media type, as specified in [RFC2616] section 14.17.

 Content-Type = "Content-Type"":" 
     1#(contenttype";""protocol""=" protocolvalue";
     ""boundary""="boundaryvalue)

contenttype:  Contains the message content type. It MUST be set to "multipart/encrypted".

protocolvalue: Contains the authentication mechanism used to establish the encryption context, and it MUST be set to "application/HTTP-CredSSP-session-encrypted", which indicates security context obtained from authentication by using CredSSP over HTTP, as specified in [MS-CSSP], is used to encrypt the message.

boundaryvalue:  Contains the boundary used as the delimiter line for the multipart media content. It MUST be set to "Encrypted Boundary".