[Mono-dev] Re: [OT?] Apache digest authentication with ASP.NET/XHTML forms?

Robert Jordan robertj at gmx.net
Tue May 2 09:39:38 EDT 2006

Andrés G. Aragoneses [ knocte ] wrote:
> Some time ago I made a web application using Apache+PHP, and decided to
> use the Digest authentication of Apache [1] for the Back-Office part.
> This authentication consists of an .htaccess file that protects the
> subtree where it is located.
> Now that I am using Mono for developing web applications, I would like
> to ask if there is a method to make this type of authentication using
> web forms instead of browser-based (I suppose the answer should also
> apply to PHP web apps...).
> The advantages I see in using this kind of authentication are:
> 1) Cookieless.
> 2) No time-out for session expiration (it expires when the browser is
> closed).
> 3) The authentication is made at the webserver level: more secure.
> Of course, this could be also a good place to discuss these points, and
> to offer other suggestions if you have them.

A module for digest authentication is already exists, thanks to Gonzalo:


A sample how to use it is included in every Mono installation.
Have a look at $prefix/lib/xsp/test/web.config


More information about the Mono-devel-list mailing list