Digest auth in .net 1.1 and Active Directory

[Sevgi]

Hi,

I've a problem with the AD digest auth. in .net 1.1. In fact I don't have
information about AD and windows authentication. I'm developing a project
which will use digest auth. and user information from AD. When a user try to
open web site, he/she should see logon dialog. After entered required
information user can see the pages. But when a user try to submit some data
to database, application must chek if user authenticated, if not then must
show logon dialog and request user info again. Because I don't have enough
knowledge about AD I couldn't get it all.

I know that I should modify web.config for windows aut. and should choose
digest auth. on IIS. But my problem starts with the code. How can I check if
he/she authenticated and show logon dialog box?

I'm confused

I appreciate if someone can help.

Thank you,
Sevgi

 

[Joe Kaplan]

..NET 1.1 has no support for DIGEST auth with AD. .NET 2.0+ has support for
DIGEST auth via LDAP using System.DirectoryServices.Protocols. You could
interop with native code at the SSPI level to do DIGEST auth as well,
although there are no wrappers at all for this in .NET. .NET 2.0 contains
wrappers for Negotiate and SSL auth with NegotiateStream and SslStream, but
there is no "DigestStream" to support Digest auth at the SSPI/network level.

Joe K.

 

[Sevgi]

Hi Joe,

Thank you for reply.
Under this circumstances what should I do? I have to use .NET 1.1 becuase of
the project environment.

When a user opened the home page of the site, I can get user's logon name
and chek if it's exist in AD. Then redirect to user which page I want. how
can I show logon dialog box to user when user tries to save data to db? It
seems I can not do something like this in 1.1


Thank you,
Sevgi

 

[Joe Kaplan]

Explain why you think that use case requires Digest authentication to AD?
Digest auth is a fairly special case thing to use and is used infrequently
with AD. People build web sites all the time that authenticate users
against AD and save data in a database without using Digest auth. Normally,
you use basic or integrated authentication from IIS or implement normal
ASP.NET forms auth (which does not require Digest auth either).

Normally, people need digest auth against AD (or more frequently ADAM)
because they need to authenticate users and can't use SSL/LDAP or negotiate
authentication via LDAP.

Joe K.

 

[Sevgi]

Joe, it's not my opinion to use digest auth. Indeed I prefer to use forms
auth or basic auth as you said. But project owner insist on this. Because of
this I'm looking for a solution. It seems I have to convince them.

Thak you for your support.
Sevgi

 

[Joe Kaplan]

Can you explain where the Digest authentication needs to be used? IIS
supports Digest auth against AD, so if your browsers also support Digest
auth, you just need to enable that checkbox in IIS.

If the idea is to use forms authentication in ASP.NET but verify the
credentials programmatically against AD using Digest auth, you'll find that
is rather hard to do in .NET 1.1 and not that easy to do in .NET 2.0
(although possible).

Please explain more.

Joe K.