Nonce = +Upgraded+v1097244059cf911a4769d92eb396750af8ecc8379061bcc011b64eac25c40a00af22776c0b64a725804946190fa783aaff288e045c636417d CNonce1 = 26d31067184c38cec465d70008f78fae CNonce2 = d44acb2abdd414f58a3d0f7e6650aedc Method1 = HEAD Method2 = GET Counter1 = 00000001 Counter2 = 00000002 URL = / QOP = auth Username = username Realm = subnet.domain.com Password = password HttpClient Implementation: 1st Request A1 = MD5(MD5(Username:Realm:Password):Nonce:CNonce1) = 74d41b354cec9fa0cf3f5ec330bcdedf A2 = MD5(Method1:URL) = 40e0cbf6fdb879a0b6225c7340a1da4a Response = MD5(A1:Nonce:Counter1:CNonce1:QOP:A2) = a5ca40420306b66d089dab72f86c3cf9 2nd Request A1 = MD5(MD5(Username:Realm:Password):Nonce:CNonce2) = 63bde9cccfaa3106c51a4cc498e9ef5b A2 = MD5(Method2:URL) = 71998c64aea37ae77020c49c00f73fa8 Response = MD5(A1:Nonce:Counter2:CNonce2:QOP:A2) = 49cd8f9b858a692f0917cd364aa781b2 Internet Explorer Implementation: 1st Request A1 = MD5(MD5(Username:Realm:Password):Nonce:CNonce1) = 74d41b354cec9fa0cf3f5ec330bcdedf A2 = MD5(Method1:URL) = 40e0cbf6fdb879a0b6225c7340a1da4a Response = MD5(A1:Nonce:Counter1:CNonce1:QOP:A2) = a5ca40420306b66d089dab72f86c3cf9 2nd Request A1 unchanged A2 = MD5(Method2:URL) = 71998c64aea37ae77020c49c00f73fa8 Response = MD5(A1:Nonce:Counter2:CNonce1:QOP:A2) = 4acc43f86e76e1663410e8f753479f89 RFC2617 Implementation (my interpretation): 1st Request A1 = MD5(MD5(Username:Realm:Password):Nonce:CNonce1) = 74d41b354cec9fa0cf3f5ec330bcdedf A2 = MD5(Method1:URL) = 40e0cbf6fdb879a0b6225c7340a1da4a Response = MD5(A1:Nonce:Counter1:CNonce1:QOP:A2) = a5ca40420306b66d089dab72f86c3cf9 2nd Request A1 unchanged A2 = MD5(Method2:URL) = 71998c64aea37ae77020c49c00f73fa8 Response = MD5(A1:Nonce:Counter2:CNonce2:QOP:A2) = caedc3d638c6b842a6390613e313f348