This is a utility class for working with HTTP authentication (Basic, Digest or NTLM) in HTTPRequest objects.

Usage is as follows: First, create a HTTPCredentials object containing the username and password.

Poco::Net::HTTPCredentials creds("user", "s3cr3t");

Second, send the HTTP request with Poco::Net::HTTPClientSession.

Poco::Net::HTTPClientSession session("pocoproject.org");
Poco::Net::HTTPRequest request(HTTPRequest::HTTP_GET, "/index.html", HTTPMessage::HTTP_1_1);
session.sendRequest(request);
Poco::Net::HTTPResponse;
std::istream& istr = session.receiveResponse(response);

If the server responds with a 401 status, authenticate the request and resend it:

if (response.getStatus() == Poco::Net::HTTPResponse::HTTP_UNAUTHORIZED)
{
    creds.authenticate(request, response);
    session.sendRequest(request);
    ...
}

To perform multiple authenticated requests, call updateAuthInfo() instead of authenticate() on subsequent requests.

creds.updateAuthInfo(request);
session.sendRequest(request);
...

Note: Do not forget to read the entire response stream from the 401 response before sending the authenticated request, otherwise there may be problems if a persistent connection is used.

Creates an empty HTTPCredentials object.

Creates an HTTPCredentials object with the given username and password.

Destroys the HTTPCredentials.

Inspects WWW-Authenticate header of the response, initializes the internal state (in case of digest authentication) and adds required information to the given HTTPRequest.

Does nothing if there is no WWW-Authenticate header in the HTTPResponse.

Clears username, password and host.

Returns true if both username and password are empty, otherwise false.

Extracts username and password from user:password information string.

Extracts username and password from the given URI (e.g.: "http://user:pass@sample.com/secret").

Extracts username and password from the given URI and sets username and password of the credentials object. Does nothing if URI has no user info part.

Parses username:password string and sets username and password of the credentials object. Throws SyntaxException on invalid user information.

Returns the target host. Only used for SSPI-based NTLM authentication using the credentials of the currently logged-in user on Windows.

Returns the password.

Returns the username.

Returns true if an Authorization header with Basic credentials is present in the request.

Returns true if an Authorization header with Digest credentials is present in the request.

Returns true if an Authorization header with NTLM credentials is present in the request.

Returns true if a Proxy-Authorization header with Basic credentials is present in the request.

Returns true if a Proxy-Authorization header with Digest credentials is present in the request.

Returns true if a Proxy-Authorization header with Digest credentials is present in the request.

Returns true if authentication header is for Basic authentication.

Returns true if authentication header is for Digest authentication.

Returns true if authentication header is for NTLM authentication.

Inspects Proxy-Authenticate header of the response, initializes the internal state (in case of digest authentication) and adds required information to the given HTTPRequest.

Does nothing if there is no Proxy-Authenticate header in the HTTPResponse.

Sets the target host. Only used for SSPI-based NTLM authentication using the credentials of the currently logged-in user on Windows.

Sets the password.

Sets the username.

Updates internal state (in case of digest authentication) and replaces authentication information in the request accordingly.

Updates internal state (in case of digest authentication) and replaces proxy authentication information in the request accordingly.