Contents of a Digest Challenge Response
The client must send the server a Digest challenge response when it receives a Digest challenge in response to a request for a resource. The client must send the request again, supplying an Authorization header with the challenge response. The following table describes the directives that make up a Digest challenge response.
|username||The account name of the security principal requesting the resource.|
|Realm||The name of the domain that contains the account indicated by username.|
|nonce||The nonce received in the Digest challenge.|
|uri||The Universal Resource Identifier (URI) of the requested resource.|
|qop||The quality of protection.|
|nc||The nonce count. The number of times the client has sent a challenge response using the nonce. For more information, see the nonce directive.|
|cnonce||A unique encoded value generated by the client for each challenge response.|
|response||A value computed according to the Digest Access specification (RFC 2617). An accurate response is conclusive proof that the user's password is known on the client side.|
|algorithm||The algorithm received in the Digest challenge.|
|opaque||The opaque value received in the Digest challenge.|
|(SASL only) cipher||One of the cipher values received in the Digest challenge. For cipher details, see Quality of Protection and Ciphers.|
Microsoft Digest supports the following username/Realm forms:
- Username Realm
- AccountName Domain (flat)
- UPN "" (blank)
- NetBIOS "" (blank)
While uppercase characters are supported, for best performance matching the server's precalculated Digest hash values, the use of lowercase characters is recommended.
The use of precalculated hashes is a new feature that allows system operators to skip the use of reversible encrypted passwords on the domain controller. A precalculated hash is formed for a user when the user's password is changed.
Microsoft Digest generates the Digest challenge response string for client applications. For details, see Generating the Digest Challenge Response.