If you've ever made an HTTP request and got a 401 response status, the response headers most likely included 1 or more entries for
WWW-Authenticate. This flow is called "challenge and response" and it's part of the framework for doing HTTP Authentication.
This header is used to tell the client how it can authenticate in order to gain access to the requested resource.
For example, a response might include the following headers:
WWW-Authenticate: Basic WWW-Authenticate: NTLM
Which means that the requested resource supports both Basic and NTLM authentication schemes.
It's also possible for these headers to come back with other metadata about their authentication schemes like
Next time you get a 401, check out the response headers to see what Auth schemes are supported!Tweet