While trying to use Digest authentication with HttpListener, I expected it to act fairly close to how Basic does. Basic works fine with no surprises. With Digest, however:
- HttpListener/http.sys driver takes on itself to authenticates user, without even passing request to my code (listener.GetContext() never gets unblocked) so ASP.NET application never has a chance to authenticate the user. I can see responses generated by "Microsoft-HTTPAPI/2.0" with WWW-Authenticate headers. I thought application should have a chance to authenticate the request with Digest user identity in the header. Is it possible to do?
- While insisting on Digest-authenticating users on its own, "Microsoft-HTTPAPI/2.0"/HttpListener/http.sys successfully authenticates domain users, but not computer users. I tried user name that includes computer name, realm name, computer name in the FQDN format - nothing works. Why such inconsistency?
View Complete Post