RFC 3261: SIP: 22.2 User-to-User Authentication

22.2 User-to-User Authentication

   When a UAS receives a request from a UAC, the UAS MAY authenticate the originator before the request is processed.  If no credentials (in the Authorization header field) are provided in the request, the UAS can challenge the originator to provide credentials by rejecting the request with a 401 (Unauthorized) status code.


   The WWW-Authenticate response-header field MUST be included in 401 (Unauthorized) response messages.  The field value consists of at least one challenge that indicates the authentication scheme(s) and parameters applicable to the realm.


   An example of the WWW-Authenticate header field in a 401 challenge is:


      WWW-Authenticate: Digest
              realm="biloxi.com",
              qop="auth,auth-int",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              opaque="5ccc069c403ebaf9f0171e9517f40e41"

   When the originating UAC receives the 401 (Unauthorized), it SHOULD, if it is able, re-originate the request with the proper credentials. The UAC may require input from the originating user before proceeding.  Once authentication credentials have been supplied (either directly by the user, or discovered in an internal keyring), UAs SHOULD cache the credentials for a given value of the To header field and "realm" and attempt to re-use these values on the next request for that destination.  UAs MAY cache credentials in any way they would like.


   If no credentials for a realm can be located, UACs MAY attempt to retry the request with a username of "anonymous" and no password (a password of "").


   Once credentials have been located, any UA that wishes to authenticate itself with a UAS or registrar -- usually, but not necessarily, after receiving a 401 (Unauthorized) response -- MAY do so by including an Authorization header field with the request.  The Authorization field value consists of credentials containing the authentication information of the UA for the realm of the resource being requested as well as parameters required in support of authentication and replay protection.


   An example of the Authorization header field is:


      Authorization: Digest username="bob",
              realm="biloxi.com",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              uri="sip:bob@biloxi.com",
              qop=auth,
              nc=00000001,
              cnonce="0a4f113b",
              response="6629fae49393a05397450978507c4ef1",
              opaque="5ccc069c403ebaf9f0171e9517f40e41"
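
The following is an added example, not part of RFC 3261 or of the original page: a UAS-side check of an Authorization header like the one above, using the RFC 2617 request-digest for qop=auth with MD5, a constant-time comparison, and nonce-count tracking for replay protection. The password, the INVITE method, and the function names are assumptions made for illustration, so the response value is recomputed rather than taken from the page.

```python
import hashlib
import hmac
import re

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def parse_digest(value):
    """Split a 'Digest k="v", k=v' header value into a dict of parameters."""
    scheme, params = value.split(None, 1)  # ValueError if nothing follows the scheme
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header value")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {k.lower(): quoted or bare for k, quoted, bare in pairs}

def digest_response(p, method, password):
    """RFC 2617 request-digest for qop=auth with the MD5 algorithm."""
    ha1 = _md5(f'{p["username"]}:{p["realm"]}:{password}')
    ha2 = _md5(f'{method}:{p["uri"]}')
    return _md5(f'{ha1}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:auth:{ha2}')

REQUIRED = {"username", "realm", "nonce", "uri", "nc", "cnonce", "response"}

def verify(auth_value, method, password, issued_nonce, last_nc):
    """UAS-side check. last_nc maps nonce -> highest nonce count accepted so far."""
    try:
        p = parse_digest(auth_value)
        nc = int(p.get("nc", ""), 16)
    except ValueError:
        return False
    if not REQUIRED <= p.keys() or p.get("qop") != "auth":
        return False
    if p["nonce"] != issued_nonce or nc <= last_nc.get(issued_nonce, 0):
        return False  # nonce we never issued, or a replayed nonce count
    expected = digest_response(p, method, password)
    if not hmac.compare_digest(expected.encode(), p["response"].encode()):
        return False
    last_nc[issued_nonce] = nc  # only advance the counter on success
    return True

# Constructed sample: the page's header values with a made-up password and method.
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
PASSWORD, METHOD = "constructed-password", "INVITE"
_fields = {"username": "bob", "realm": "biloxi.com", "nonce": NONCE,
           "uri": "sip:bob@biloxi.com", "nc": "00000001", "cnonce": "0a4f113b"}
SAMPLE = ('Digest username="bob", realm="biloxi.com", nonce="%s", '
          'uri="sip:bob@biloxi.com", qop=auth, nc=00000001, cnonce="0a4f113b", '
          'response="%s", opaque="5ccc069c403ebaf9f0171e9517f40e41"'
          % (NONCE, digest_response(_fields, METHOD, PASSWORD)))
```

Calling `verify` twice with the same header and the same `last_nc` dict accepts the first request and rejects the second, because the nonce count has not advanced.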

   When a UAC resubmits a request with its credentials after receiving a 401 (Unauthorized) or 407 (Proxy Authentication Required) response, it MUST increment the CSeq header field value as it would normally when sending an updated request.

