Hi folks,

I wish to require a popup window for users to type into, to access my website. For the username and password, I was hoping to have a few hardcoded names/passwords in some file. I was told that Digest Authorisation could be used to do this.

If I've got a stock standard ASP.NET website, where can I define the usernames/passwords?

Please note, this username/password only 'unlocks' the site, but doesn't log them INTO the site. They will need their website username/password for that.

I hope that makes sense.

Please help!

+1  A: 

Depending on your access to the machine, a really simple option is a program called IISPassword (some providers have this installed), which allows you to use Apache-style .htaccess .htpassword files.

Once this is installed, setting up takes about 5 mins: just find a Unix crypt function to handle the passwords, and it just works. You don't have to touch ASP.NET at all.

I have only used this on IIS 5 and 6, but it might work on 7.

Hope that helps.

seanb
This requires the ability to install an ISAPI filter. It does not claim to be compatible with IIS 7. Link: http://www.iistools.com/en/iispassword.html
tvanfosson
If I use a product like IISPassword, does that mean that after I've 'unlocked' the website, I will still have to manually forms auth into the website, for pages that require you to be logged in? (This is what we want.)
Pure.Krome
From my experience, yes. It has been a few years since I used it like that, so test it. We used to use it on our test servers, so pre-release stuff didn't get seen by the public. Once they have unlocked it, it means they're past that ISAPI filter, but not the forms auth.
seanb
Kewlies! That helps heaps. And was this the _only_ way you could 'lock' a site down, that you guys found?
Pure.Krome
Not the only way, but one of the easiest. You could look at more network admin kinda ways (VPNs, ACLs, that sorta thing), but I only really know enough to be dangerous in those areas. We stopped looking when we found something that worked well enough for testing.
seanb
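For hosts where an ISAPI filter cannot be installed, the same "unlock before forms auth" gate can be sketched as a managed HTTP module. This is an added example, not code from anyone in this thread, and it uses HTTP Basic rather than Digest, so it must only be served over HTTPS. The class name `SiteGateModule`, the `gate:<user>` appSettings keys and the realm `Staging` are assumptions.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Added example: site-wide HTTP Basic gate that runs ahead of Forms authentication.
// Hypothetical names: SiteGateModule, appSettings keys "gate:<user>", realm "Staging".
// Each value is Base64(SHA-256(password)); use long random passwords, as the hash is unsalted.
public class SiteGateModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // BeginRequest fires before AuthenticateRequest, so the Forms login is unaffected.
        app.BeginRequest += (s, e) =>
        {
            var ctx = ((HttpApplication)s).Context;
            if (IsAllowed(ctx.Request.Headers["Authorization"])) return;
            ctx.Response.StatusCode = 401;
            ctx.Response.AddHeader("WWW-Authenticate", "Basic realm=\"Staging\"");
            // .NET 4.5+: stop FormsAuthenticationModule turning this 401 into a login redirect.
            ctx.Response.SuppressFormsAuthenticationRedirect = true;
            ctx.ApplicationInstance.CompleteRequest(); // skip straight to EndRequest
        };
    }

    public void Dispose() { }

    static bool IsAllowed(string header)
    {
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return false;
        string pair;
        try { pair = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim())); }
        catch (FormatException) { return false; }
        int colon = pair.IndexOf(':');
        if (colon < 1) return false; // no separator or empty user name
        string expected = ConfigurationManager.AppSettings["gate:" + pair.Substring(0, colon)];
        if (expected == null) return false; // unknown user
        using (var sha = SHA256.Create())
        {
            string actual = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(pair.Substring(colon + 1))));
            // Compare without an early exit so timing does not reveal where the strings differ.
            int diff = actual.Length ^ expected.Length;
            for (int i = 0; i < actual.Length && i < expected.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }
}
```

Registered under `<system.webServer><modules>` in web.config on the IIS 7 integrated pipeline, the module also covers static files; IIS's own Basic authentication should stay disabled so IIS does not try to validate the header against Windows accounts.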
+1  A: 

I think that your users will not appreciate having to enter two passwords to use your site. I think you would be better served to stick with the web site login as the sole means to access the site and simply redirect non-logged in users to the logon page. You may also want an "about us" page that is publicly available for potential future users if your site is public.

You can find a pretty comprehensive guide to authentication in ASP.NET here. According to the article, Digest Authentication requires that you store user ids/passwords in Active Directory.

tvanfosson
Thanks for the comment. The 'users' are our testing team, who access the site externally. We want to lock down the ENTIRE SITE to someone who might stumble across it randomly. It's got our dev stuff on there. So the 'user not appreciate' thing is not a concern.
Pure.Krome