in reply to Re: Basic / Digest authentication in website
in thread Basic / Digest authentication in website

The first block of code gives me this output, which is very similar to all the others regarding the 401.

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="GWAVA Console",qop="auth",nonce="d951626547bbe35ffba6032ba46959bc",opaque="38f98a915296a94de4bbdaa09cb94726"
Client-Date: Sun, 11 Jul 2010 15:51:19 GMT
Client-Peer: 10.10.10.10:49282
Client-Response-Num: 1

Re^3: Basic / Digest authentication in website
by afoken (Chancellor) on Jul 11, 2010 at 18:01 UTC

    Your third piece of code:

    $mechanize->credentials("server:49282","Digest realm", $username=>$password);

    The server's response:

    WWW-Authenticate: Digest realm="GWAVA Console", ...

    Do you see the important difference?

    Either use the two-argument form of WWW::Mechanize->credentials() or fix the realm argument of the four-argument form to match the server's 401 response.

    The second piece of code has the same problem, but you can't use the two-argument form of LWP::UserAgent->credentials() (it is a getter, not a setter).

    zwon explained to you why the first piece of code doesn't work.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
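
The realm mismatch afoken points out, as an added example (not code from any poster in this thread): LWP stores credentials per netloc and realm and looks them up through get_basic_credentials(), so a realm string that differs from the server's challenge leaves it with nothing to send. The user name, password and nonce/opaque values are placeholders, and challenge_realm() and has_credentials() are hypothetical helpers.

```perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Response;
use URI;

# Constructed 401 response carrying the challenge shown in this thread
# (nonce and opaque replaced by placeholders).
my $res = HTTP::Response->new(401, 'Unauthorized');
$res->header('WWW-Authenticate' =>
    'Digest realm="GWAVA Console",qop="auth",nonce="<nonce>",opaque="<opaque>"');

# Hypothetical helper: return (scheme, realm) from one challenge header.
# Quoted-pair escapes inside the realm are matched but not unescaped.
sub challenge_realm {
    my ($header) = @_;
    my ($scheme, $params) = $header =~ /^\s*(\w+)\s+(.*)$/s or return;
    my ($realm) = $params =~ /\brealm="((?:[^"\\]|\\.)*)"/i or return;
    return ($scheme, $realm);
}

# Hypothetical helper: ask the user agent, through the same hook the code
# in this thread overrides, whether it has credentials for this URL and realm.
sub has_credentials {
    my ($ua, $url, $realm) = @_;
    my @cred = $ua->get_basic_credentials($realm, URI->new($url), 0);
    return scalar @cred;
}

my $url = 'http://server:49282/';    # netloc as written in the thread
my ($scheme, $realm) = challenge_realm(scalar $res->header('WWW-Authenticate'));
print "Server asks for scheme '$scheme', realm '$realm'\n";

my $ua = LWP::UserAgent->new;

# Realm string as passed in the thread: stored under a key the server never asks for.
$ua->credentials('server:49282', 'Digest realm', 'user', 'secret');
print "After credentials(..., 'Digest realm', ...): ",
    has_credentials($ua, $url, $realm) ? "match\n" : "no match, the 401 is returned\n";

# Realm and netloc taken from the challenge and the URL: the lookup succeeds.
$ua->credentials(URI->new($url)->host_port, $realm, 'user', 'secret');
print "After credentials(..., '$realm', ...): ",
    has_credentials($ua, $url, $realm) ? "match\n" : "no match, the 401 is returned\n";
```
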
Re^3: Basic / Digest authentication in website
by zwon (Abbot) on Jul 11, 2010 at 17:23 UTC

    Ok, so it is Digest authentication, not Basic, that's why the first block of code doesn't work for you.

      LWP should handle both Basic and Digest authentication with LWP::Authen::Basic and LWP::Authen::Digest.

      I've searched for more documentation about LWP and Digest authentication, but have not found much more.

      I've found the node LWP and Digest Authentication here on PerlMonks, which linked me to the t/jigsaw-auth-d.t script inside the libwww-perl distribution, which is kind of confusing.

      use LWP::UserAgent;
      {
          package MyUA;
          use vars qw(@ISA);
          @ISA = qw(LWP::UserAgent);
          my @try = (['foo', 'bar'], ['', ''], ['guest', ''], ['guest', 'guest']);
          sub get_basic_credentials {
              my($self,$realm, $uri, $proxy) = @_;
              print "$realm:$uri:$proxy => ";
              my $p = shift @try;
              print join("/", @$p), "\n";
              return @$p;
          }
      }
      my $ua = MyUA->new(keep_alive => 1);
      my $req = HTTP::Request->new(GET => "http://jigsaw.w3.org/HTTP/Digest/");
      my $res = $ua->request($req);

      To properly use the digest authentication, the function get_basic_credentials() has to be overridden as ikegami did on Re^3: LWP and Digest Authentication.

      Alex's Log - http://alexlog.co.cc

        LWP should handle both Basic and Digest authentication

        It does. The parent only said that ->authorization_basic wouldn't work. ->authorization_basic sets the basic authentication headers only.

        It's fun how the code appears to work (returns the HTML output) against my local test server, but not on the server I have the issues with.
        This is the code, correct me please if I did any lazy things that can make it work :-P
        use LWP::UserAgent;
        use HTTP::Request::Common;
        {
            package MyUA;
            use vars qw(@ISA);
            @ISA = qw(LWP::UserAgent);
            my @try = (['username', 'password']);
            sub get_basic_credentials {
                my($self,$realm, $uri, $proxy) = @_;
                print "$realm:$uri:$proxy => ";
                my $p = shift @try;
                print join("/", @$p), "\n";
                return @$p;
            }
        }
        my $ua = MyUA->new(keep_alive => 0);
        my $req = HTTP::Request->new(GET => "http://mail.isnitro.com:49282/navigation/nav_home.shtml");
        my $res = $ua->request($req)->as_string;
        print "Res: ", $res;
        The Digest realm is, as far as I can see, static against "GWAVA Console".
Re^3: Basic / Digest authentication in website
by ikegami (Patriarch) on Jul 11, 2010 at 18:53 UTC
    The realm is "GWAVA Console", but you told LWP to only respond to the realm "Digest realm".
      It was part of a scheme to obfuscate, the code does say GWAVA Console, for security measures I tried again and it still fails.
      Just to add another piece I picked up, there is no domain in the header. The server we talk to is not a readable standard Apache afaik either, I found the realm information deep in a binary on the target server. Other browsers are however able to authenticate, so something weird...

      Or, I could copy the page I want, modify it to remove the data I don't want and place it outside the password area, it seems like a kind of javascript HTML page processed on the request (references to JDB inside), that is however the way I least want to go in terms of security and Perl should be able to do this (maybe it's I who don't get it...)