Sunday, August 3, 2014

Basic and Digest mixed authentication with WebAPI

In my last post I talked about using both Basic and Digest authentication with WebAPI, but not at the same time. So what do you do when you want to use mixed authentication with both?

In principle you can support both Basic and Digest authentication at the same time, but your server has to issue the 401 challenge with Digest. This is because Basic requires no token or server information to authenticate, whereas Digest requires a nonce from the server.
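A sketch of what that challenge and the scheme dispatch can look like, as an added example rather than code from this post or from Rick's or Badri's implementations. The class and member names and the realm value are assumptions, and refusing Basic over plain HTTP is an extra check this example adds.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;

// Added illustration; MixedAuthChallenge and its members are hypothetical names.
public static class MixedAuthChallenge
{
    private const string Realm = "example-realm"; // constructed sample value

    public enum Scheme { None, Basic, Digest, Unsupported }

    // Digest needs server input: a fresh, unpredictable nonce per challenge.
    // A real filter must also remember issued nonces to validate the reply.
    public static string NewNonce()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }

    // Build the 401 that advertises both schemes. Only the Digest challenge
    // carries a nonce; the Basic challenge carries just the realm.
    public static HttpResponseMessage CreateChallenge(HttpRequestMessage request)
    {
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request };
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(
            "Digest", $"realm=\"{Realm}\", nonce=\"{NewNonce()}\", qop=\"auth\""));
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(
            "Basic", $"realm=\"{Realm}\""));
        return response;
    }

    // Decide which validator should see the request; None means "send the challenge".
    public static Scheme Classify(HttpRequestMessage request)
    {
        AuthenticationHeaderValue auth = request.Headers.Authorization;
        if (auth == null) return Scheme.None;
        if (string.Equals(auth.Scheme, "Digest", StringComparison.OrdinalIgnoreCase))
            return Scheme.Digest;
        if (string.Equals(auth.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
        {
            // Basic credentials are only base64-encoded, so accept them over TLS only.
            return request.RequestUri != null && request.RequestUri.Scheme == Uri.UriSchemeHttps
                ? Scheme.Basic : Scheme.Unsupported;
        }
        return Scheme.Unsupported;
    }
}
```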

I have updated Rick's Basic authentication and Badri's Digest authentication implementation to work together as a pair of AuthorizationFilterAttributes. Here is the source:

using System.Web.Http;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Register both authentication filters globally so they apply to every controller.
        config.Filters.Add(new BasicAuthorizationFilterAttribute(false));
        config.Filters.Add(new DigestAuthorizationFilterAttribute());

        config.MapHttpAttributeRoutes();

        // Default convention-based route.
        config.Routes.MapHttpRoute(
            "DefaultApi",
            "{controller}/{id}",
            new { controller = "data", id = RouteParameter.Optional }
        );
    }
}

Enjoy,
Tom

2 comments:

  1. Implementing Basic and Digest mixed authentication with WebAPI offers a robust solution that enhances security while ensuring user convenience. By combining the strengths of both authentication methods, this approach provides a versatile framework suitable for diverse user scenarios. Basic authentication offers simplicity and compatibility across various platforms, while Digest authentication adds an extra layer of protection through message digest algorithms, safeguarding against potential security threats. This hybrid authentication method fosters trust and confidence among users, promoting seamless interaction with the WebAPI. Additionally, it underscores the commitment to prioritizing both security and user experience, ultimately contributing to a positive and reliable web service environment.

  2. Hey everyone, I've been following the insightful discussion on authentication methods, and it got me thinking about the importance of user-friendly tools in digital processes. One area where ease of use matters is in image editing. I recently came across a fantastic tool for background removal at https://depositphotos.com/bgremover.html. It's streamlined and efficient, making it perfect for various projects, from personal photo editing to professional design work. Integrating such tools seamlessly into our workflows not only enhances productivity but also underscores the significance of accessibility in technology. I'd love to hear your thoughts on how user-friendly tools like this impact your digital endeavors. Looking forward to your insights!
