[Mono-dev] Re: [OT?] Apache digest authentication with ASP.NET/XHTML forms?

"Andrés G. Aragoneses [ knocte ] "Andrés G. Aragoneses [ knocte ]
Tue May 2 11:35:23 EDT 2006


Robert Jordan escribió:
> Andrés G. Aragoneses [ knocte ] wrote:
>> Some time ago I made a web application using Apache+PHP, and decided to
>> use the Digest authentication of Apache [1] for the Back-Office part.
>> This authentication consists of an .htaccess file that protects the
>> subtree where it is located.
>>
>> Now that I am using Mono for developing web applications, I would like
>> to ask if there is a method to make this type of authentication using
>> web forms instead of browser-based (I suppose the answer should also
>> apply to PHP web apps...).
>>
>> The advantages I see in using this kind of authentication are:
>>
>> 1) Cookieless.
>> 2) No time-out for session expiration (it expires when the browser is
>> closed).
>> 3) The authentication is made at the webserver level: more secure.
>>
>> Of course, this could be also a good place to discuss these points, and
>> to offer other suggestions if you have them.
> 
> A module for digest authentication is already exists, thanks to Gonzalo:
> 
> mcs/class/Mono.Http/Mono.Http.Modules/DigestAuthenticationModule.cs
> 
> A sample how to use it is included in every Mono installation.
> Have a look at $prefix/lib/xsp/test/web.config
> 
> Robert

Thanks very much. I will have a look!

BTW, I suppose this (or an analogous technique) is not available in
MS.NET but it may be exported for it, am I right?

Regards,

	Andrés	[ knocte ]

-- 




More information about the Mono-devel-list mailing list