Digest auth in .net 1.1 and Active Directory

Discussion in 'ASP .Net Security' started by Sevgi, Dec 18, 2007.

  1. Sevgi

    Sevgi Guest

    Hi,

    I've a problem with the AD digest auth. in .net 1.1. In fact I don't have
    information about AD and windows authentication. I'm developing a project
    which will use digest auth. and user information from AD. When a user try to
    open web site, he/she should see logon dialog. After entered required
    information user can see the pages. But when a user try to submit some data
    to database, application must chek if user authenticated, if not then must
    show logon dialog and request user info again. Because I don't have enough
    knowledge about AD I couldn't get it all.

    I know that I should modify web.config for windows aut. and should choose
    digest auth. on IIS. But my problem starts with the code. How can I check if
    he/she authenticated and show logon dialog box?

    I'm confused :(

    I appreciate if someone can help.

    Thank you,
    Sevgi
     
    Sevgi, Dec 18, 2007
    #1
    1. Advertising

  2. Sevgi

    Joe Kaplan Guest

    ..NET 1.1 has no support for DIGEST auth with AD. .NET 2.0+ has support for
    DIGEST auth via LDAP using System.DirectoryServices.Protocols. You could
    interop with native code at the SSPI level to do DIGEST auth as well,
    although there are no wrappers at all for this in .NET. .NET 2.0 contains
    wrappers for Negotiate and SSL auth with NegotiateStream and SslStream, but
    there is no "DigestStream" to support Digest auth at the SSPI/network level.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Sevgi" <> wrote in message
    news:...
    > Hi,
    >
    > I've a problem with the AD digest auth. in .net 1.1. In fact I don't have
    > information about AD and windows authentication. I'm developing a project
    > which will use digest auth. and user information from AD. When a user try
    > to
    > open web site, he/she should see logon dialog. After entered required
    > information user can see the pages. But when a user try to submit some
    > data
    > to database, application must chek if user authenticated, if not then must
    > show logon dialog and request user info again. Because I don't have enough
    > knowledge about AD I couldn't get it all.
    >
    > I know that I should modify web.config for windows aut. and should choose
    > digest auth. on IIS. But my problem starts with the code. How can I check
    > if
    > he/she authenticated and show logon dialog box?
    >
    > I'm confused :(
    >
    > I appreciate if someone can help.
    >
    > Thank you,
    > Sevgi
     
    Joe Kaplan, Dec 18, 2007
    #2
    1. Advertising

  3. Sevgi

    Sevgi Guest

    Hi Joe,

    Thank you for reply.
    Under this circumstances what should I do? I have to use .NET 1.1 becuase of
    the project environment.

    When a user opened the home page of the site, I can get user's logon name
    and chek if it's exist in AD. Then redirect to user which page I want. how
    can I show logon dialog box to user when user tries to save data to db? It
    seems I can not do something like this in 1.1 :(


    Thank you,
    Sevgi

    "Joe Kaplan" wrote:

    > ..NET 1.1 has no support for DIGEST auth with AD. .NET 2.0+ has support for
    > DIGEST auth via LDAP using System.DirectoryServices.Protocols. You could
    > interop with native code at the SSPI level to do DIGEST auth as well,
    > although there are no wrappers at all for this in .NET. .NET 2.0 contains
    > wrappers for Negotiate and SSL auth with NegotiateStream and SslStream, but
    > there is no "DigestStream" to support Digest auth at the SSPI/network level.
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services Programming"
    > http://www.directoryprogramming.net
    > --
    > "Sevgi" <> wrote in message
    > news:...
    > > Hi,
    > >
    > > I've a problem with the AD digest auth. in .net 1.1. In fact I don't have
    > > information about AD and windows authentication. I'm developing a project
    > > which will use digest auth. and user information from AD. When a user try
    > > to
    > > open web site, he/she should see logon dialog. After entered required
    > > information user can see the pages. But when a user try to submit some
    > > data
    > > to database, application must chek if user authenticated, if not then must
    > > show logon dialog and request user info again. Because I don't have enough
    > > knowledge about AD I couldn't get it all.
    > >
    > > I know that I should modify web.config for windows aut. and should choose
    > > digest auth. on IIS. But my problem starts with the code. How can I check
    > > if
    > > he/she authenticated and show logon dialog box?
    > >
    > > I'm confused :(
    > >
    > > I appreciate if someone can help.
    > >
    > > Thank you,
    > > Sevgi

    >
    >
    >
     
    Sevgi, Dec 22, 2007
    #3
  4. Sevgi

    Joe Kaplan Guest

    Explain why you think that use case requires Digest authentication to AD?
    Digest auth is a fairly special case thing to use and is used infrequently
    with AD. People build web sites all the time that authenticate users
    against AD and save data in a database without using Digest auth. Normally,
    you use basic or integrated authentication from IIS or implement normal
    ASP.NET forms auth (which does not require Digest auth either).

    Normally, people need digest auth against AD (or more frequently ADAM)
    because they need to authenticate users and can't use SSL/LDAP or negotiate
    authentication via LDAP.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Sevgi" <> wrote in message
    news:...
    > Hi Joe,
    >
    > Thank you for reply.
    > Under this circumstances what should I do? I have to use .NET 1.1 becuase
    > of
    > the project environment.
    >
    > When a user opened the home page of the site, I can get user's logon name
    > and chek if it's exist in AD. Then redirect to user which page I want. how
    > can I show logon dialog box to user when user tries to save data to db? It
    > seems I can not do something like this in 1.1 :(
    >
    >
    > Thank you,
    > Sevgi
    >
    > "Joe Kaplan" wrote:
    >
    >> ..NET 1.1 has no support for DIGEST auth with AD. .NET 2.0+ has support
    >> for
    >> DIGEST auth via LDAP using System.DirectoryServices.Protocols. You could
    >> interop with native code at the SSPI level to do DIGEST auth as well,
    >> although there are no wrappers at all for this in .NET. .NET 2.0
    >> contains
    >> wrappers for Negotiate and SSL auth with NegotiateStream and SslStream,
    >> but
    >> there is no "DigestStream" to support Digest auth at the SSPI/network
    >> level.
    >>
    >> Joe K.
    >>
    >> --
    >> Joe Kaplan-MS MVP Directory Services Programming
    >> Co-author of "The .NET Developer's Guide to Directory Services
    >> Programming"
    >> http://www.directoryprogramming.net
    >> --
    >> "Sevgi" <> wrote in message
    >> news:...
    >> > Hi,
    >> >
    >> > I've a problem with the AD digest auth. in .net 1.1. In fact I don't
    >> > have
    >> > information about AD and windows authentication. I'm developing a
    >> > project
    >> > which will use digest auth. and user information from AD. When a user
    >> > try
    >> > to
    >> > open web site, he/she should see logon dialog. After entered required
    >> > information user can see the pages. But when a user try to submit some
    >> > data
    >> > to database, application must chek if user authenticated, if not then
    >> > must
    >> > show logon dialog and request user info again. Because I don't have
    >> > enough
    >> > knowledge about AD I couldn't get it all.
    >> >
    >> > I know that I should modify web.config for windows aut. and should
    >> > choose
    >> > digest auth. on IIS. But my problem starts with the code. How can I
    >> > check
    >> > if
    >> > he/she authenticated and show logon dialog box?
    >> >
    >> > I'm confused :(
    >> >
    >> > I appreciate if someone can help.
    >> >
    >> > Thank you,
    >> > Sevgi

    >>
    >>
    >>
     
    Joe Kaplan, Dec 22, 2007
    #4
  5. Sevgi

    Sevgi Guest

    Joe, it's not my opinion to use digest auth. Indeed I prefer to use forms
    auth or basic auth as you said. But project owner insist on this. Because of
    this I'm looking for a solution. It seems I have to convince them.

    Thak you for your support.
    Sevgi


    "Joe Kaplan" wrote:

    > Explain why you think that use case requires Digest authentication to AD?
    > Digest auth is a fairly special case thing to use and is used infrequently
    > with AD. People build web sites all the time that authenticate users
    > against AD and save data in a database without using Digest auth. Normally,
    > you use basic or integrated authentication from IIS or implement normal
    > ASP.NET forms auth (which does not require Digest auth either).
    >
    > Normally, people need digest auth against AD (or more frequently ADAM)
    > because they need to authenticate users and can't use SSL/LDAP or negotiate
    > authentication via LDAP.
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services Programming"
    > http://www.directoryprogramming.net
    > --
    > "Sevgi" <> wrote in message
    > news:...
    > > Hi Joe,
    > >
    > > Thank you for reply.
    > > Under this circumstances what should I do? I have to use .NET 1.1 becuase
    > > of
    > > the project environment.
    > >
    > > When a user opened the home page of the site, I can get user's logon name
    > > and chek if it's exist in AD. Then redirect to user which page I want. how
    > > can I show logon dialog box to user when user tries to save data to db? It
    > > seems I can not do something like this in 1.1 :(
    > >
    > >
    > > Thank you,
    > > Sevgi
    > >
    > > "Joe Kaplan" wrote:
    > >
    > >> ..NET 1.1 has no support for DIGEST auth with AD. .NET 2.0+ has support
    > >> for
    > >> DIGEST auth via LDAP using System.DirectoryServices.Protocols. You could
    > >> interop with native code at the SSPI level to do DIGEST auth as well,
    > >> although there are no wrappers at all for this in .NET. .NET 2.0
    > >> contains
    > >> wrappers for Negotiate and SSL auth with NegotiateStream and SslStream,
    > >> but
    > >> there is no "DigestStream" to support Digest auth at the SSPI/network
    > >> level.
    > >>
    > >> Joe K.
    > >>
    > >> --
    > >> Joe Kaplan-MS MVP Directory Services Programming
    > >> Co-author of "The .NET Developer's Guide to Directory Services
    > >> Programming"
    > >> http://www.directoryprogramming.net
    > >> --
    > >> "Sevgi" <> wrote in message
    > >> news:...
    > >> > Hi,
    > >> >
    > >> > I've a problem with the AD digest auth. in .net 1.1. In fact I don't
    > >> > have
    > >> > information about AD and windows authentication. I'm developing a
    > >> > project
    > >> > which will use digest auth. and user information from AD. When a user
    > >> > try
    > >> > to
    > >> > open web site, he/she should see logon dialog. After entered required
    > >> > information user can see the pages. But when a user try to submit some
    > >> > data
    > >> > to database, application must chek if user authenticated, if not then
    > >> > must
    > >> > show logon dialog and request user info again. Because I don't have
    > >> > enough
    > >> > knowledge about AD I couldn't get it all.
    > >> >
    > >> > I know that I should modify web.config for windows aut. and should
    > >> > choose
    > >> > digest auth. on IIS. But my problem starts with the code. How can I
    > >> > check
    > >> > if
    > >> > he/she authenticated and show logon dialog box?
    > >> >
    > >> > I'm confused :(
    > >> >
    > >> > I appreciate if someone can help.
    > >> >
    > >> > Thank you,
    > >> > Sevgi
    > >>
    > >>
    > >>

    >
    >
    >
     
    Sevgi, Dec 24, 2007
    #5
  6. Sevgi

    Joe Kaplan Guest

    Can you explain where the Digest authentication needs to be used? IIS
    supports Digest auth against AD, so if your browsers also support Digest
    auth, you just need to enable that checkbox in IIS.

    If the idea is to use forms authentication in ASP.NET but verify the
    credentials programmatically against AD using Digest auth, you'll find that
    is rather hard to do in .NET 1.1 and not that easy to do in .NET 2.0
    (although possible).

    Please explain more.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Sevgi" <> wrote in message
    news:...
    > Joe, it's not my opinion to use digest auth. Indeed I prefer to use forms
    > auth or basic auth as you said. But project owner insist on this. Because
    > of
    > this I'm looking for a solution. It seems I have to convince them.
    >
    > Thak you for your support.
    > Sevgi
    >
    >
    > "Joe Kaplan" wrote:
    >
    >> Explain why you think that use case requires Digest authentication to AD?
    >> Digest auth is a fairly special case thing to use and is used
    >> infrequently
    >> with AD. People build web sites all the time that authenticate users
    >> against AD and save data in a database without using Digest auth.
    >> Normally,
    >> you use basic or integrated authentication from IIS or implement normal
    >> ASP.NET forms auth (which does not require Digest auth either).
    >>
    >> Normally, people need digest auth against AD (or more frequently ADAM)
    >> because they need to authenticate users and can't use SSL/LDAP or
    >> negotiate
    >> authentication via LDAP.
    >>
    >> Joe K.
    >>
    >> --
    >> Joe Kaplan-MS MVP Directory Services Programming
    >> Co-author of "The .NET Developer's Guide to Directory Services
    >> Programming"
    >> http://www.directoryprogramming.net
    >> --
    >> "Sevgi" <> wrote in message
    >> news:...
    >> > Hi Joe,
    >> >
    >> > Thank you for reply.
    >> > Under this circumstances what should I do? I have to use .NET 1.1
    >> > becuase
    >> > of
    >> > the project environment.
    >> >
    >> > When a user opened the home page of the site, I can get user's logon
    >> > name
    >> > and chek if it's exist in AD. Then redirect to user which page I want.
    >> > how
    >> > can I show logon dialog box to user when user tries to save data to db?
    >> > It
    >> > seems I can not do something like this in 1.1 :(
    >> >
    >> >
    >> > Thank you,
    >> > Sevgi
    >> >
    >> > "Joe Kaplan" wrote:
    >> >
    >> >> ..NET 1.1 has no support for DIGEST auth with AD. .NET 2.0+ has
    >> >> support
    >> >> for
    >> >> DIGEST auth via LDAP using System.DirectoryServices.Protocols. You
    >> >> could
    >> >> interop with native code at the SSPI level to do DIGEST auth as well,
    >> >> although there are no wrappers at all for this in .NET. .NET 2.0
    >> >> contains
    >> >> wrappers for Negotiate and SSL auth with NegotiateStream and
    >> >> SslStream,
    >> >> but
    >> >> there is no "DigestStream" to support Digest auth at the SSPI/network
    >> >> level.
    >> >>
    >> >> Joe K.
    >> >>
    >> >> --
    >> >> Joe Kaplan-MS MVP Directory Services Programming
    >> >> Co-author of "The .NET Developer's Guide to Directory Services
    >> >> Programming"
    >> >> http://www.directoryprogramming.net
    >> >> --
    >> >> "Sevgi" <> wrote in message
    >> >> news:...
    >> >> > Hi,
    >> >> >
    >> >> > I've a problem with the AD digest auth. in .net 1.1. In fact I don't
    >> >> > have
    >> >> > information about AD and windows authentication. I'm developing a
    >> >> > project
    >> >> > which will use digest auth. and user information from AD. When a
    >> >> > user
    >> >> > try
    >> >> > to
    >> >> > open web site, he/she should see logon dialog. After entered
    >> >> > required
    >> >> > information user can see the pages. But when a user try to submit
    >> >> > some
    >> >> > data
    >> >> > to database, application must chek if user authenticated, if not
    >> >> > then
    >> >> > must
    >> >> > show logon dialog and request user info again. Because I don't have
    >> >> > enough
    >> >> > knowledge about AD I couldn't get it all.
    >> >> >
    >> >> > I know that I should modify web.config for windows aut. and should
    >> >> > choose
    >> >> > digest auth. on IIS. But my problem starts with the code. How can I
    >> >> > check
    >> >> > if
    >> >> > he/she authenticated and show logon dialog box?
    >> >> >
    >> >> > I'm confused :(
    >> >> >
    >> >> > I appreciate if someone can help.
    >> >> >
    >> >> > Thank you,
    >> >> > Sevgi
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Joe Kaplan, Dec 26, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Reese
    Replies:
    3
    Views:
    442
    John Reese
    Jan 3, 2005
  2. Thomas Liesner

    xmlrpc and auth-digest

    Thomas Liesner, Jan 8, 2007, in forum: Python
    Replies:
    1
    Views:
    443
    Laszlo Nagy
    Jan 8, 2007
  3. Tammy Mc
    Replies:
    3
    Views:
    233
    Tammy Mc
    Oct 1, 2006
  4. myalo
    Replies:
    4
    Views:
    1,377
    A. Sinan Unur
    Nov 28, 2007
  5. Replies:
    2
    Views:
    357
    Julian Cromarty
    Jun 26, 2013
Loading...

Share This Page