Input Buffers for the Digest Challenge Response

HTTP authentication using Microsoft Digest requires three input buffers to generate a challenge response. The following table summarizes these buffers.

Buffer numberContainsBuffer type
0Challenge received from the ServerSECBUFFER_TOKEN
3The service principal name (SPN) of the target server.SECBUFFER_TARGET_HOST | SECBUFFER_READONLY


Buffer zero contains the Digest challenge received from the server in response to the initial request for an access-protected resource.

Buffer 1 contains the string representation of the method, such as "GET" or "POST". The method is used in the calculation of A2, as described in RFC 2617.

Buffer 2 is the MD5 hash of the message's entity-body as described in RFC 2617.

Buffer 3 contains the SPN of the target server in UTF-8 formatting when Digest is used with channel bindings.

Buffer 4 contains the channel binding token value when Digest is used with channel bindings.

Input Buffers for SASL

Supply buffer zero only. For compatibility with other SSPs, you may call InitializeSecurityContext (Digest) without a valid server challenge. In this case the pInput parameter should be set to NULL.