Is it possible to use digest authentication in ASP.NET Core / Kestrel? If it is, how do I enable and use it?
I know that basic authentication is not and will not be implemented because it's considered insecure and slow, but I can't find anything at all about digest.
I don't want to use IIS' authentication because I don't want to be tied to Windows accounts; I want to use custom credentials validation logic.
Digest authentication is another authentication type specified in HTTP 1.1. Unlike basic authentication, digest authentication does not require the password to be transmitted. Rather, the client takes the username and password and uses the MD5 hashing algorithm to create a hash, which is then sent to the SQL Server.
The cnonce value is an opaque quoted ASCII-only string value provided by the client and used by both client and server to avoid chosen plaintext attacks, to provide mutual authentication, and to provide some message integrity protection. See the descriptions below of the calculation of the rspauth and response values.
The HTTP Digest Authentication filter enables you to specify where API Gateway can find user profiles for authentication purposes. API Gateway can look up user profiles in the API Gateway's local repository. For more information on adding users to the local repository, see Manage API Gateway users.
Basic Authentication works by adding an Authorization header into an HTTP request. The value of the Authorization header must be Basic, followed by a space, followed by the username and password separated by a colon. The username and password are encoded using Base64.
The only implementation of digest auth currently available with Core is the one in IIS that's tied to integrated Windows auth.
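The header formats described above, as an added example that is not part of the original posts and is not ASP.NET Core code: it decodes a Basic header, then verifies a Digest `response` (MD5, `qop=auth`, with `cnonce`) against a custom credential store. It is written in Python to show the protocol computation independent of any framework. The function names, the `USERS` store and the nonce set are assumptions; the sample values are the published example from RFC 2617.

```python
import base64, hashlib, hmac, re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def decode_basic(header):
    # Basic: Base64 is an encoding, so the header yields the password directly.
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')

def parse_digest(header):
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return {k.lower(): quoted or bare for k, quoted, bare in _PARAM.findall(rest)}

def verify_digest(header, method, lookup_ha1, issued_nonces):
    p = parse_digest(header)
    needed = ("username", "realm", "nonce", "uri", "qop", "nc", "cnonce", "response")
    if any(k not in p for k in needed) or p["qop"] != "auth":
        return False
    if p["nonce"] not in issued_nonces:          # only nonces this server issued
        return False
    ha1 = lookup_ha1(p["username"], p["realm"])  # custom credential lookup
    if ha1 is None:
        return False
    ha2 = md5_hex(f"{method}:{p['uri']}")
    expected = md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return hmac.compare_digest(expected.encode(), p["response"].lower().encode())

# Hypothetical store: keeps HA1 = MD5(username:realm:password), not the password.
USERS = {("Mufasa", "testrealm@host.com"):
         md5_hex("Mufasa:testrealm@host.com:Circle Of Life")}

def lookup_ha1(user, realm):
    return USERS.get((user, realm))

# Sample request values taken from the RFC 2617 example exchange.
SAMPLE_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
SAMPLE_HEADER = ('Digest username="Mufasa", realm="testrealm@host.com", '
                 f'nonce="{SAMPLE_NONCE}", uri="/dir/index.html", qop=auth, '
                 'nc=00000001, cnonce="0a4f113b", '
                 'response="6629fae49393a05397450978507c4ef1"')
```

A complete server would also compare the `uri` parameter with the actual request target and require `nc` to increase for each reuse of a nonce, so that a captured header cannot be replayed.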