How to implement HTTPS with Digest Authentication in C#.Net? as per msdn, credential class has no support for SSL.. so how can we implement authentication? my code works with basic authentication but gives error with digest..
A:
You are trying to combine things that are usually considered to be alternatives to each other. HTTP Digest Authentication encrypts user credentials using MD5, which is not considered to be secure enough nowadays.
So, the message here is: use HTTPS with basic authentication.
Vitaliy Liptchinsky
2009-12-28 18:42:04
Digests have nonces, which act like a salt. So in theory if someone precomputes with all nonce values, or produces rainbow tables then that may be a problem, but in reality it's not.
blowdart
2009-12-28 18:48:29
A:
You can specify the type of credential when creating a credential in the CredentialCache, which is used for WebClients and WebRequests. So, for example, to populate the CredentialCache to try Digest auth you could use
CredentialCache cache = new CredentialCache();
Uri prefix = new Uri ("http://www.example.com");
cache.Add (prefix, "Digest", new NetworkCredential ("username", "passwd"));
WebClient wc = new WebClient();
wc.Credentials = cache;
As digest authentication is dependant on the destination URL, and the realm if it specifies one you do need to get those right.
blowdart
2009-12-28 19:02:32