Showing posts with label Digest Authentication. Show all posts
Showing posts with label Digest Authentication. Show all posts

Saturday, August 16, 2014

System.Net.CredentialCache supports Digest Auth

In my last post I talked about implementing Digest Authentication in WebAPI. That was a server side implementation, but how do you make requests to that server? Good news: .NET's built in CredentialCache supports Digest Authentication!

PreAuthenticate

Be sure to enable PreAuthenticate, otherwise each request will require a new digest token have to make an additional two requests to get it! Do not worry, the request will not send your credentials without having a token first.

PreAuthenticate = false

PreAuthenticate = true

Read more »
Posted by at 1 comment:
Labels: , , , ,

Sunday, August 3, 2014

Basic and Digest mixed authentication with WebAPI

In my last post I talked about using both Basic and Digest authentication with WebAPI, but not at the same time. So what do you do when you want to used mixed authentication with both?

In principal you can support both Basic and Digest authentication at the same time, but your server has to issue the 401 challenge with Digest. This is because basic requires no token or server information to authenticate, where as digest requires a nonce from the server.

I have updated Rick's Basic authentication and Badri's Digest authentication implementation to work together as a pair of AuthorizationFilterAttributes. Here is the source:

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.Filters.Add(new BasicAuthorizationFilterAttribute(false));
        config.Filters.Add(new DigestAuthorizationFilterAttribute());
 
        config.MapHttpAttributeRoutes();
 
        config.Routes.MapHttpRoute(
            "DefaultApi",
            "{controller}/{id}",
            new { controller = "data", id = RouteParameter.Optional }
        );
    }
}

Enjoy,
Tom

Posted by at No comments:
Labels: , , , ,

Thursday, July 31, 2014

WebAPI and Chrome Authentication Types

Google Chrome supports four HTTP authentication types:

  1. Basic
  2. Digest
  3. NTLM
  4. Negotiate

ASP.NET WebAPI has AuthorizationFilterAttributes which can be used to implement both Authentication and Authorization for your APIs. If you want to use Basic or Digest authentication, there are already several open source implementations available to help you out!

Do you need to used mixed authentication and support both Basic and Digest?
If so, be sure to check out my next blog post...

Enjoy,
Tom

Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)
Real Time Web Analytics