HTTPS & Digest Authentication

Asked 28/12, 2009 at 17:10 Answered 28/12, 2009 at 19:2

How to implement HTTPS with Digest Authentication in C#.Net? as per msdn, credential class has no support for SSL.. so how can we implement authentication? my code works with basic authentication but gives error with digest..

Wheaten answered 28/12, 2009 at 17:10 Comment(1)

Have you tried simply specifying the URL as https://... to the WebRequest object? – Abraham 28/12, 2009 at 17:27

You can specify the type of credential when creating a credential in the CredentialCache, which is used for WebClients and WebRequests. So, for example, to populate the CredentialCache to try Digest auth you could use

CredentialCache cache = new CredentialCache();
Uri prefix = new Uri ("http://www.example.com");
cache.Add (prefix, "Digest",  new NetworkCredential ("username", "passwd"));

WebClient wc = new WebClient();
wc.Credentials = cache;

As digest authentication is dependant on the destination URL, and the realm if it specifies one you do need to get those right.

Nieves answered 28/12, 2009 at 19:2 Comment(0)

You are trying to combine things that are usually considered to be alternatives to each other. HTTP Digest Authentication encrypts user credentials using MD5, which is not considered to be secure enough nowadays.

So, the message here is: use HTTPS with basic authentication.

Culler answered 28/12, 2009 at 18:42 Comment(1)

Digests have nonces, which act like a salt. So in theory if someone precomputes with all nonce values, or produces rainbow tables then that may be a problem, but in reality it's not. – Nieves 28/12, 2009 at 18:48

Recommended topics

Hot tags