Digest Authentication in ASP.NET Core / Kestrel

Can I use digest authentication in ASP.NET Core / Kestrel? If so, how do I enable and use it?

I know that basic authentication will not and will not be implemented, because it was considered unsafe and slow , but I can not find anything about the digest.

I do not want to use IIS authentication, because I do not want to bind to Windows accounts, I want to use the user credential verification logic.

+8
source share
3 answers

The only digest out implementation currently available in Core is the one that is tied to integrated auth windows in IIS.

+4
source

If someone is looking for an answer. This code works for me:

using System.ServiceModel; var binding = new BasicHttpBinding(); binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Digest; binding.TextEncoding = Encoding.UTF8; binding.TransferMode = TransferMode.Buffered; binding.AllowCookies = false; binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; var endpoint = new EndpointAddress(new Uri("http://website.domain/WebService.svc")); var client = new MessageServiceClient(binding, endpoint); client.ClientCredentials.HttpDigest.ClientCredential.UserName = "username"; client.ClientCredentials.HttpDigest.ClientCredential.Password = "password"; var response = client.CallMethod(); 
0
source

A bit about Kestrel, WebListener, and authentication servers

And how can you allow anonymous users to use WebListener:

 builder.UseWebListener(options => { options.Listener.AuthenticationManager.AuthenticationSchemes = AuthenticationSchemes.AllowAnonymous; }); 
-one
source

Source: https://habr.com/ru/post/1011523/


All Articles