.NET Tutorials, Forums, Interview Questions And Answers

Bizarre behavior of Digest authentication with HttpListener.

Posted Date: August 27, 2010    Category: ASP.Net

While trying to use Digest authentication with HttpListener, I expected it to act fairly close to how Basic does. Basic works fine with no surprises. With Digest, however: 

  1. HttpListener/http.sys driver takes it upon itself to authenticate the user, without even passing the request to my code (listener.GetContext() never gets unblocked), so the ASP.NET application never has a chance to authenticate the user. I can see responses generated by "Microsoft-HTTPAPI/2.0" with WWW-Authenticate headers. I thought the application should have a chance to authenticate the request with the Digest user identity in the header. Is it possible to do?
  2. While insisting on Digest-authenticating users on its own, "Microsoft-HTTPAPI/2.0"/HttpListener/http.sys successfully authenticates domain users, but not computer users. I tried a user name that includes the computer name, realm name, computer name in the FQDN format - nothing works. Why such inconsistency?

Thank you,



More Related Resource Links

Strange Authentication Behavior...

I have an installation of SSRS 2008 that is exhibiting some very odd behavior with regards to authentication and permissions. I have SSRS installed on a box called SERVER1 and I'm a local admin on the box and an Administrator on the SSRS instance. This box has an IP address of When I go to the Report Manager URL, I see everything I should (Home, Site Settings, etc.) I'm able to go in and set up security and create folders and everything. What's odd is that if I use the IP address instead of the server name in the Report Manager URL, I get to the home page but there is nothing displayed, only Home, My Subscriptions, and Help. There are no report folders visible and the options available to admins aren't visible. One thing that may shed some light on things: if I do a ping -a on the IP address, it resolves to the host name. If I ping the host name, I get back a reply from ::1: I have no idea why permissions would differ between a host name and an IP address if they're the same server?? Any insight would be appreciated!

A. M. Robinson

Setting up a Digest Authentication WCF service and consuming it


I have a WCF service that had been using NTLM authentication, but needed to recently switch it to digest authentication. The service is running on both an XP Professional machine, as well as a 2003 Server machine, both experiencing the same issues.


To set up the digest authentication, I created the following in my web.config servicemodel section:



		<binding name="NtlmConnect" maxBufferSize="147483647" maxBufferPoolSize="147483647" 

Problem with digest authentication on IIS 5.1



I have WCF service on IIS 5.1 with active digest authentication (service and client are in windows domain).

Realm in IIS config window is set to: mydomain.site

Config file from service:

<transport clientCredentialType="Digest" proxyCredentialType="None" realm="mydomain.site" />

Config file from client is the same:

<transport clientCredentialType="Digest" 

Forms Authentication CrossAppRedirects behavior


I am developing a Single Sign-On application. I followed the instructions to share/set the cookie to the parent domain and share machine keys, so the applications (all under the same 4th level domain; the documents say this will only work for the 2nd and 3rd level domains, but somehow this approach works for our 4th level domain) will be able to share the authentication cookie.

The users are supposed to hit one of the applications. In the web.config file for the apps, the loginUrl is set to the login page at the SSO website, enableCrossAppRedirects="true", and the defaultUrl is set to the welcome page at the app's website.

But what happened is, ASP.NET ignores all the defaultUrl settings (at the SSO site and application site); it always redirects to the Default.aspx, which is the default setting for forms authentication. I tried to do a Response.Redirect in the Authentication event handler, but the SSO app won't listen to that command.

I have a work-around, which is using the Default.aspx page in the SSO application and doing a Response.Redirect in the code behind. But I do not understand why Microsoft has done it that way. Are there any security risks if not forcing the redirects back to the default.aspx? Or is this a bug?

Web service Windows Digest Authentication


I have created a web service and installed it on web server. I am using that service through client application without Authentication.

For using this service I have added web service reference with public IP of web server, it's working correctly

Note: Both web server and client application are in same domain.

Now I am implementing the windows digest authentication in web service. But when I add the reference with public IP of web server in client application then Request is Timed Out (i.e. no response from web server within 110 seconds).

If I add the reference with domain IP then it works correctly.

Now my question is what is the difference between adding reference with Public IP and Domain IP?

And how is it related to windows Digest Authentication?

Custom Editing Behavior for DataGridView TextBox Columns

For various reasons I'm using a DataGridView instead of a ListView, and while configuring the DataGridView to look like a ListView wasn't much of a problem, there's one thing that got on my nerves, which is the behavior of textbox cells in edit mode: It is much too easy to leave the edit mode accidentally, simply by pressing the cursor keys at the wrong time. For example when the text caret is positioned behind the last character of the textbox cell content, and you press the right arrow key

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

- A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
- A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Run Button Behavior: Suggestion/Bug


Note: This could be a bug or considered as suggestion. I am not looking for solution.

1: I have ImageWatermark.cshtml open and currently in focus.

2: I have Photo1.jpg selected in left Files workspace.

3: Now if I click "Run", instead of opening ImageWatermark.cshtml it tries to open Photo1.jpg and it fails.

So ideally I would expect the open file (ImageWatermark.cshtml) to run rather than running the selection from Workspace.

Web Matrix + Windows Authentication


I'm curious if it's possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Problems with Forms Authentication in DD 4 site


Hello, I am seeing a strange problem with Forms Authentication in my DD site. A user logs in and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example, a control DynamicData/Filters/CustomerLastNameSearch.ascx) then the site auth fails, and redirects to the log in screen.

In web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things: that the DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused. Has anyone else experienced this or have any suggestions? Thanks!

Sharing authentication ticket between two applications


Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory

At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.

Many thanks!

Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.


How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 

How to authenticate local user using LDAP or non domain authentication



I created one application, and I need to authenticate a local user. This user is the user who is logged in to his/her personal computer. The main thing is that he/she is not in any DOMAIN... I want NON-DOMAIN authentication, anyhow... please help...
