Contents of a Digest Challenge
The size of a Digest Access challenge must be less than 2048 bytes. The following example shows a challenge assigned to the character string szChallenge.
szChallenge = "realm=\"Microsoft_Example_Forest\","; algorithm = "MD5-sess\", qop=\"auth\", nonce=\"0123456789abcdef\"";
A Digest challenge can contain the following directives.
|realm||An implementation-defined hint to the client about which credentials are required. The client should display this information to the user if it is prompting for credentials.|
|algorithm||Microsoft Digest supports MD5 and MD5-Sess. For optimal performance, use MD5-Sess.|
|qop||This directive can be set to auth, auth-int, or auth-conf. For more information, see Quality of Protection and Ciphers.|
|nonce||A unique encoded value generated by the server for each challenge. This value must not be altered by the client.|
|opaque||Contains a reference for the security context that is being established. For more information, see Maintaining the Security Context Between Connections.|
|cipher(SASL only)||The list of ciphers that the server supports. This element can be present in a Digest SASL challenge only if the qop directive specifies auth-conf. For more information, see Quality of Protection and Ciphers.|
|charset||This directive can be set to utf-8 if the server can process UTF-8–encoded user names and realms. If the client understands the charset directive, it can respond by using UTF-8–encoded values.|
Microsoft Digest generates the Digest challenge string for server applications. For details, see Generating the Digest Challenge.