| Components | All | New | MacOS | Windows | Linux | iOS | ||||
| Examples | Mac & Win | Server | Client | Guides | Statistic | FMM | Blog | Deprecated | Old | |
CURL.SetOptionHTTPAuth
Defines which HTTP authentication methods are used.
| Component | Version | macOS | Windows | Linux | Server | iOS SDK |
| CURL | 2.5 | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
MBS( "CURL.SetOptionHTTPAuth"; curl; Value ) More
Parameters
| Parameter | Description | Example |
|---|---|---|
| curl | The CURL session handle. | $curl |
| Value | Which http authentication to use. | 15 |
Result
Returns "OK" on success.
Description
Defines which HTTP authentication methods are used.Pass a number as parameter, which is set to a bitmask, to tell libcurl which authentication method(s) you want it to use. The available bits are listed below. If more than one bit is set, libcurl will first query the site to see which authentication methods it supports and then pick the best one you allow it to use. For some methods, this will induce an extra network round-trip. Set the actual name and password with the CURL.SetOptionUserName and the CURL.SetOptionPassword options.
| CURLAUTH_BASIC | 1 | HTTP Basic authentication. This is the default choice, and the only method that is in wide-spread use and supported virtually everywhere. This sends the user name and password over the network in plain text, easily captured by others. |
| CURLAUTH_DIGEST | 2 | HTTP Digest authentication. Digest authentication is defined in RFC 2617 and is a more secure way to do authentication over public networks than the regular old-fashioned Basic method. |
| CURLAUTH_DIGEST_IE | 16 | HTTP Digest authentication with an IE flavor. Digest authentication is defined in RFC 2617 and is a more secure way to do authentication over public networks than the regular old-fashioned Basic method. The IE flavor is simply that libcurl will use a special "quirk" that IE is known to have used before version 7 and that some servers require the client to use. (This define was added in 7.19.3) |
| CURLAUTH_GSSNEGOTIATE | 4 | HTTP GSS-Negotiate authentication. The GSS-Negotiate (also known as plain "Negotiate") method was designed by Microsoft and is used in their web applications. It is primarily meant as a support for Kerberos5 authentication but may also be used along with other authentication methods. For more information see IETF draft draft-brezak-spnego-http-04.txt. You need to build libcurl with a suitable GSS-API library for this to work. |
| CURLAUTH_NTLM | 8 | HTTP NTLM authentication. A proprietary protocol invented and used by Microsoft. It uses a challenge-response and hash concept similar to Digest, to prevent the password from being eavesdropped. You need to build libcurl with OpenSSL support for this option to work, or build libcurl on Windows. |
| CURLAUTH_ANY | 15 | This is a convenience macro that sets all bits and thus makes libcurl pick any it finds suitable. libcurl will automatically select the one it finds most secure. |
| CURLAUTH_ANYSAFE | 14 | This is a convenience macro that sets all bits except Basic and thus makes libcurl pick any it finds suitable. libcurl will automatically select the one it finds most secure. |
See also HTTPAUTH option in CURL manual.
Examples
Request GSS-Negotiate:
MBS( "CURL.SetOptionHTTPAuth"; $curl; 4 )
Use BASIC or Digest authorization:
MBS( "CURL.SetOptionHTTPAuth"; $curl; 1+2+16 )
See also
- CURL.GetHTTPAuthAvail
- CURL.GetProxyAuthAvail
- CURL.SetOptionFTPPort
- CURL.SetOptionFTPSSLAuth
- CURL.SetOptionHTTPHeader
- CURL.SetOptionMailAuth
- CURL.SetOptionPassword
- CURL.SetOptionProxyAuth
- CURL.SetOptionSocks5Auth
- CURL.SetOptionUserName
Blog Entries
Created 18th August 2014, last changed 13th June 2019
CURL.SetOptionHTTP200Aliases - CURL.SetOptionHTTPContentDecoding
