diff --git a/src/Tests/ServicesTest.php b/src/Tests/ServicesTest.php
index dda4a09..7b1da51 100644
--- a/src/Tests/ServicesTest.php
+++ b/src/Tests/ServicesTest.php
@@ -124,7 +124,7 @@ class ServicesTest extends \ServicesWebTestCase {
     $this->servicesGet($this->endpoint->path . '/user/' . $uid);
     $this->assertResponse(401);
     $challenge = $this->drupalGetHeader('WWW-Authenticate');
-    $this->assertIdentical(strtolower(substr($challenge, 0, 12)), 'basic realm=', 'Basic auth challenge header present');
+    $this->assertIdentical(substr($challenge, 0, 12), 'Basic realm=', 'Basic auth challenge header present');
     $this->assertIdentical(substr($challenge, 12), '"' . check_plain($this->realm) . '"', 'Basic auth realm present');
 
     // Try to get a protected resource with token auth.
@@ -137,4 +137,49 @@ class ServicesTest extends \ServicesWebTestCase {
     $this->assertEqual($response['body']->uid, $uid, 'Fetched correct user object');
   }
 
+  /**
+   * Test invalid authentication.
+   */
+  public function testInvalidAuthorizationHeader() {
+    $uid = $this->plainUser->uid;
+
+    // Try to get a protected resource with token auth lacking the colon. In
+    // this case it is expected that the Authorization header is ignored,
+    // authentication not attempted (user remains anonymous) and thus the
+    // response is a 401 for protected content.
+    $token = services_token($this->realm, $uid, REQUEST_TIME + 3600);
+    $headers = array(
+      'Authorization: Basic ' . base64_encode($token),
+    );
+    $response = $this->servicesGet($this->endpoint->path . '/user/' . $uid, NULL, $headers);
+    $this->assertResponse(401);
+    $this->assertEqual($response['body'], 'Access denied for user anonymous');
+
+    // Try to get a protected resource with an Authorization header with
+    // misspelled authentication scheme (lowercase). In this case it is expected
+    // that the Authorization header is ignored, authentication not attempted
+    // (user remains anonymous) and thus the response is a 401 for protected
+    // content.
+    $token = services_token($this->realm, $uid, REQUEST_TIME + 3600);
+    $headers = array(
+      'Authorization: basic ' . base64_encode($token . ':'),
+    );
+    $response = $this->servicesGet($this->endpoint->path . '/user/' . $uid, NULL, $headers);
+    $this->assertResponse(401);
+    $this->assertEqual($response['body'], 'Access denied for user anonymous');
+
+    // Try to get a protected resource with an Authorization header with a
+    // different authentication scheme starting with "Basic". In this case it is
+    // expected that the Authorization header is ignored, authentication not
+    // attempted (user remains anonymous) and thus the response is a 401 for
+    // protected content.
+    $token = services_token($this->realm, $uid, REQUEST_TIME + 3600);
+    $headers = array(
+      'Authorization: Basicstuff ' . base64_encode($token . ':'),
+    );
+    $response = $this->servicesGet($this->endpoint->path . '/user/' . $uid, NULL, $headers);
+    $this->assertResponse(401);
+    $this->assertEqual($response['body'], 'Access denied for user anonymous');
+  }
+
 }