I have a webapplication which does the kerberos and basic authentication as well. I do not know what the client is capable of. So both auth mechanisms are sent in 401 reply.
The reply header will contain,
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="MyREALM"
But, I want the client to fall back to basic auth only if negotiate fails.
I want the flow should be like,
How can I do this? I modified the server code to do this. But the browser which is not in any domain (its supposed to do basic auth) does not respond after step2.