VisualBuilder
  Home > Aspnet > Tutorials > Digest Authentication - ASP.Net Security,Internationalisation and Deployment
Tell a friend
Link to us
Total Members
      Members: 84648
     
Sitemap Forum Chat
Home
ASP.Net Security,Internationalisation And Deployment Tutorial Home
1 . Introduction
2 . Relationship Between IIS and ASP.NET
3 . Authentication in ASP.Net
4 . Form Based Authentication
5 . Form Authentication Flow
6 . Passport Authentication
7 . Windows Authentication
8 . Configuring Windows Authentication
9 . Anonymous Authentication
10 . Basic Authentication
11 . Digest Authentication
12 . Integrated Windows Authentication
13 . Certificate Authentication
14 . Authorization
15 . Authentication Vs Authorization
16 . Impersonation
17 . Code Access security
18 . Internationalization
19 . Deployment
20 . Installing the Application
 
Aspnet Group Home
Aspnet Discussion (10)
Aspnet Members (2379)
Aspnet Resources
Aspnet Source Code (388)
Aspnet Articles (1)
Aspnet Blogs
Aspnet Jobs
Aspnet Components (201)
Aspnet Books
Aspnet Websites (21)
Aspnet News (105)
Aspnet Q & A (114)
- Aspnet Ask Question
- Aspnet Questions
- Aspnet Unanswered Questions
 
GROUPS
.NET
ASP.NET
.NET
C#
ASP
Visual Basic
Java
Java
JSP
EJB
Other
Delphi
C++
Ajax
UML
JavaScript
PHP
Web Design
Web Hosting
SQL Server
Oracle
Project Management
More Groups

 
LEARNING CENTER
TUTORIALS
.NET
.NET Tutorial
ASP Tutorial
ASP.NET Database Tutorial
ASP.NET Development Tips
ASP.Net Security,Internationalisation And Deployment
ASP.NET Server Controls Tips
ASP.NET Tutorial
C Sharp Tutorial
Web Development
Flex Tutorial
HTML Tutorial
Learn AJAX Tutorial
PHP Tutorial
Software Development
Database Tutorial
SQL Tutorial
UML Tutorial
Java
Ant Tutorial
EJB 3 Tutorial
Grails Tutorial
Hibernate Tutorial
Java 1.6 Tutorial
Java Tutorial
Java Web Component Tutorial
Java XML Tutorial
JDBC Tutorial
JDK1.5 Tutorial
JSF Tutorial
JSP And J2EE Design Tutorial
JSP Tutorial
Service-Oriented Architecture (SOA) Using Java Web Services Tutorial
Spring Tutorial
Struts Tutorial

RESOURCES
Q & A (436 )
Source Code (3275 )
Articles (11 )
Components (1589 )
News (888 )
Websites (1207 )

SUBMISSIONS
Submit Article
Submit Website
Submit News
Submit Source Code
Submit Component

COMMUNITY
Members Directory
Discussion Forum
Chat

SITE
About Us
Sitemap
Search
Contact Us
Link To Us
Feedback
Tell a Friend
Partners
Advertise


Aspnet security Tutorial
 Digest Authentication
  << Prev: Basic Authentication Next: Integrated Windows Authentication >>

Digest authentication is same as Basic Authentication but for the fact that the password is hashed before it is sent across the network. Digest authentication is new to Windows 2000 and IIS 5.0. This form of authentication encrypts the user's password information and provides a mechanism that helps prevent some common server attacks. Digest authentication does not send the credentials over the network using clear text as Basic authentication does. Instead, it uses a hashing mechanism called MD5 developed by RSA). Although it is a viable authentication option for Internet scenarios, the client and server requirements limit its widespread use.


 


Digest authentication consider when:



  • Web server is running Windows 2000 and users have Windows accounts stored in Active Directory.

  • All clients use either the .NET platform or Internet Explorer 5.x.

  • Need a stronger level of password encryption than that provided by Basic authentication.

  • Need to support authentication over the Internet.


Digest authentication not consider when-



• Clients using platforms other than .NET or Internet Explorer 5.0 or later.
• Users do not have Windows accounts stored in Active Directory.


 


There are three primary disadvantages:



  1. Digest authentication requires a modern browser that supports digest authentication. For Microsoft Internet Explorer users, version 5.0 or higher is required.

  2. It requires passwords to be stored in plain text (or in a reversible encrypted form that can be converted to plain text). This is contrary to the normal security model in Windows, which stores one-way password hashes in lieu of plain-text or encrypted passwords to protect the passwords if the server is compromised.

  3. Digest authentication uses pop-up dialog boxes to prompt for user names and passwords. Due to these restrictions, and because digest authentication doesn't support delegation (the ability to make a call from one machine to another and have the call execute as the caller on the remote machine) on Windows 2000 servers, digest authentication is not widely used.


Note: If ASP.NET application needs to run as the user authenticated by IIS Digest authentication, use the following Web.config configuration-

 < system.web>
<authentication mode =”Windows”/>
</system.web>
  << Prev: Basic Authentication Next: Integrated Windows Authentication >>
Aspnet Security Tutorial Home
Give feedback and win a prize.

 
   Printer Friendly
   Email to a friend
   Add to my Favourites    
  Download PDF version
   Report Bad Submissions
   Submit Feedback
 
  Delicious   Digg   Technorati   Blink   Furl   Reddit   Newsvine   Google Click each image to add
this page to each site.
 
 
Welcome Guest Signup
MEMBER'S PANEL
EMAIL
PASSWORD
Forgot your password?
New User? Click Here!
 
Resend Activation Email!
 
SEARCH
 
 
LINKS
Montignac Shop
motorola phone tools
online fax server
Video Surveillance
Gift to Pakistan
 
ADVERTISEMENT
 
PARTNER LIST

More
 
 
 

Home | Login | About Us | Contact Us | Privacy Policy | Advertising

© copyright 1999-2008 VisualBuilder.com