Putting this information here for future readers’ benefit.
- 401 (Unauthorized) response header -> Request authentication header
- Here are several
WWW-Authenticateresponse headers. (The full list is at IANA: HTTP Authentication Schemes.)
WWW-Authenticate: Basic-> Authorization: Basic + token – Use for basic authenticationWWW-Authenticate: NTLM-> Authorization: NTLM + token (2 challenges)WWW-Authenticate: Negotiate-> Authorization: Negotiate + token – used for Kerberos authentication- By the way: IANA has this angry remark about
Negotiate: This authentication scheme violates both HTTP semantics (being connection-oriented) and syntax (use of syntax incompatible with the WWW-Authenticate and Authorization header field syntax).
- By the way: IANA has this angry remark about
You can set the Authorization: Basic header only when you also have the WWW-Authenticate: Basic header on your 401 challenge.
But since you have WWW-Authenticate: Negotiate this should be the case for Kerberos based authentication.