
Authenticate in LDAP using Digest?

My web application is using Digest authentication. There is no user password on server side. Now I need to authenticate a user in LDAP.

Is it possible? Any example in .NET/C#?

I can modify my Digest implementation algorithm, but I cannot change it to Basic or any other authentication due to requirements.

Edit: As far as I see there is System.DirectoryServices.Protocols.LdapConnection.AuthType property that can be set to AuthType.Digest. How do I use this setting?

It could be possible if you're building something new.

You could add the HA1 as an attribute in LDAP when you create the user. HA1 = MD5(username:realm:password) for HTTP digest.

Then, when the user accesses the web server and provides an Authorization header, you could rebuild the authorization using the HA1 from LDAP and compare the result... But you would need to access the user's HA1 value using the system admin credential, which is not the best way.
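The check described in the answer above, as an added example that is not part of the original post: it recomputes the `qop=auth` response from a stored HA1 and compares it with the value the client sent. The class and method names are illustrative, HA1 is passed in as a string (reading it from an LDAP attribute with a service account is assumed to happen elsewhere), .NET 5 or later is assumed, and the sample values are those of the RFC 2617 example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class DigestCheck
{
    // Lowercase hex MD5 of a string, the form RFC 2617 uses for every hash.
    static string Md5Hex(string s) =>
        Convert.ToHexString(MD5.HashData(Encoding.UTF8.GetBytes(s))).ToLowerInvariant();

    // HA1 = MD5(username:realm:password), computed once when the user is created.
    // It is password-equivalent within the realm, so the directory attribute
    // holding it needs the same access control as a password hash.
    public static string ComputeHa1(string user, string realm, string password) =>
        Md5Hex($"{user}:{realm}:{password}");

    // Rebuild the expected response from the stored HA1 and the fields parsed
    // from the Authorization header, then compare in constant time.
    // Checking that the nonce was issued by this server and that nc has not
    // been seen before is a separate step not shown here.
    public static bool Verify(string storedHa1, string method, string uri,
        string nonce, string nc, string cnonce, string qop, string clientResponse)
    {
        if (qop != "auth" || clientResponse is null) return false;
        string ha2 = Md5Hex($"{method}:{uri}");
        string expected = Md5Hex($"{storedHa1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}");
        return CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(expected),
            Encoding.ASCII.GetBytes(clientResponse.ToLowerInvariant()));
    }

    static void Main()
    {
        // Sample values from the RFC 2617 section 3.5 example.
        const string nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        const string response = "6629fae49393a05397450978507c4ef1";
        string ha1 = ComputeHa1("Mufasa", "testrealm@host.com", "Circle Of Life");

        bool valid = Verify(ha1, "GET", "/dir/index.html",
            nonce, "00000001", "0a4f113b", "auth", response);
        // Same response replayed against a different URI must not verify.
        bool otherUri = Verify(ha1, "GET", "/dir/other.html",
            nonce, "00000001", "0a4f113b", "auth", response);

        Console.WriteLine($"valid={valid} otherUri={otherUri}");
    }
}
```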

Short answer: no.

You are required to supply a plain-text password to the LDAP auth routine programmatically, which you cannot get from Digest - that's kind of the point of Digest.

The only workaround I can think of is to connect to LDAP with a high-level account, and check whether the user could do what they are trying to do with that.

If you are trying to validate the user's login with LDAP, you're a bit stuffed really. This is why most web services that authenticate against AD are either Basic auth over HTTPS, or use NTLM auth...
