...
Back at the browser, the browser attempts to decrypt the challenge with the user's password to get the answer to the challenge, which the browser then sends to the web server as proof that the user is who they claim to be. If the web server determines that the answer is correct, the web server sends the originally requested page to the browser. If not, the user is presented with a "Unauthorized Access" page:
If the User Provides the Wrong Password |
|---|
 Image Modified
|
| Panel |
|---|
| borderColor | #ccc |
|---|
| bgColor | #FFFFCE |
|---|
| titleBGColor | #F7D6C1 |
|---|
| title | Browser Correctly Answere the Challenge and Get the Web Page |
|---|
| borderStyle | dashed |
|---|
|
http://glast-ground.slac.stanford.edu/ GET / HTTP/1.1
Host: glast-ground.slac.stanford.edu
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: CFTOKEN=84811003; CFID=906
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABAAAAAEAAQAEAAAAAO
AA4AUAAAAAAAAAAAAAAABYIIAGwAYQBuAGcAcwB0AG8AbgB0AHIAaQBuAGkAdAB5AGnvMd+cF8Ap
AAAAAAAAAAAAAAAAAAAAAKR+uySl79KWtB9ldk9LLw/n1IUXoy8IeQ== HTTP/1.x 200 OK
Connection: close
Date: Sun, 19 Dec 2004 01:24:08 GMT
Server: Microsoft-IIS/6.0
Set-Cookie: JSESSIONID=98307ef1b78b$3F$B77B;path=/
Set-Cookie: CFAUTHORIZATION_glast_ground=;expires=Fri, 19-Dec-2003 01:24:08 GMT;path=/
Content-Type: text/html; charset=UTF-8 |