"Digest authentication has been around for quite some time, but has stayed in obscurity to some extent. This is probably due to the fact that a limited number of servers support it, and a limited number of clients support it as well. IIS also requires certain Active Directory settings to be made in order to use the built-in implementation. However, it overcomes many of the weaknesses of Basic authentication. In particular, it does not require an encrypted channel for communications, because passwords are not sent in clear text (as they are in Basic). The benefits definitely outweigh the costs, as evidenced by Microsoft choosing to use Digest for their MapPoint.NET service.
"
In this article, Greg Reinacker presents an interoperable implementation of Digest authentication, built using .NET managed code, without the use of the built-in IIS implementation and Active Directory. A very good read!