2.2.9.1.3.2.1 HTTP Headers
The request includes a number of fields in the HTTP message headers. The fields MUST follow the rules specified in [RFC2616] section 4.2.
Tokens
Content-Length: Contains the size, in bytes, of the message body. It MUST be present.
Authorization: Contains the credentials as defined according to the framework as specified in [RFC2616] section 14.8.
-
Authorization = "Authorization" ":" credentials credentials = "CredSSP" auth-data2 auth-data2 = 1#( gssapi-data )
-
Where gssapi-data is the base64 encoding of the InitializeContextToken, as specified in [RFC4559] section 4.2. The client MUST include the Authorization field in the request until the Web Services Management Protocol Extensions for Windows Vista service responds with a "200 OK" response, indicating that the security context is complete.
Content-Type: Contains the media type, as specified in [RFC2616] section 14.17.
-
Content-Type = "Content-Type"":" 1#(contenttype";""protocol""=" protocolvalue"; ""boundary""="boundaryvalue)
contenttype: Contains the message content type. It MUST be set to "multipart/x-multi-encrypted".
protocolvalue: Contains the authentication mechanism used to establish the encryption context, and it MUST be set to "application/HTTP-CredSSP-session-encrypted", which indicates security context obtained from authentication by using CredSSP over HTTP, as specified in [MS-CSSP], is used to encrypt the message.
boundaryvalue: Contains the boundary used as the delimiter line for the multipart media content. It MUST be set to "Encrypted Boundary".