[Mono-dev] Re: [OT?] Apache digest authentication with ASP.NET/XHTML forms?
Robert Jordan
robertj at gmx.net
Tue May 2 09:39:38 EDT 2006
Andrés G. Aragoneses [ knocte ] wrote:
> Some time ago I made a web application using Apache+PHP, and decided to
> use the Digest authentication of Apache [1] for the Back-Office part.
> This authentication consists of an .htaccess file that protects the
> subtree where it is located.
>
> Now that I am using Mono for developing web applications, I would like
> to ask if there is a method to make this type of authentication using
> web forms instead of browser-based (I suppose the answer should also
> apply to PHP web apps...).
>
> The advantages I see in using this kind of authentication are:
>
> 1) Cookieless.
> 2) No time-out for session expiration (it expires when the browser is
> closed).
> 3) The authentication is made at the webserver level: more secure.
>
> Of course, this could be also a good place to discuss these points, and
> to offer other suggestions if you have them.
A module for digest authentication is already exists, thanks to Gonzalo:
mcs/class/Mono.Http/Mono.Http.Modules/DigestAuthenticationModule.cs
A sample how to use it is included in every Mono installation.
Have a look at $prefix/lib/xsp/test/web.config
Robert
More information about the Mono-devel-list
mailing list