Re: Windows authentification : HTTP header "AUTHORIZATION" ?

From: Greg Reinacker (gregnews@rassoc.com)
Date: 09/03/02


From: "Greg Reinacker" <gregnews@rassoc.com>
Date: Mon, 2 Sep 2002 19:51:53 -0600


Digest also does not transmit the password clear-text; rather, a hash of the
password (and other information) is used.

--
Greg Reinacker
Reinacker & Associates, Inc.
http://www.rassoc.com
http://www.rassoc.com/gregr/weblog/
"Arild Bakken" <arildb_@hotmail.com> wrote in message
news:ewPBNAoUCHA.3792@tkmsftngp11...
> When integrated security is used the password is never sent, only a hash
key
> that is verified with the domain controller. Since the password is not
sent,
> and it is not possible to get a users password from a domain controller,
you
> cannot get it. If you need the password, use Basic authentication (or
> perhaps digest authentication will work, but I've never tried that)
>
>
> Arild
>
> mikej wrote:
> > Hello,
> > i use both Integrated and Basic.
> > So, i can retrieve the password when Basic is used.
> > Are you sure that it is not possible to get the password
> > when integrated is used ?
> > thanks
> > mike-j
> >> -----Original Message-----
> >> If you're using Integrated Windows authentication, you're out of
> >> luck - you're not going to be able to authenticate against your
> >> database, unless you implement the NTLM or Kerberos protocols
> >> yourself (definitely non-trivial).
> >>
> >> I'd recommend using Basic or Digest, and use something like the
> >> samples [1] I have on my site.
> >>
> >> [1] http://www.rassoc.com/gregr/weblog/misc/samples.html
> >>
> >> --
> >> Greg Reinacker
> >> Reinacker & Associates, Inc.
> >> http://www.rassoc.com
> >> http://www.rassoc.com/gregr/weblog/
> >>
> >>
> >> "mikej" <mikej@guyih.fg> wrote in message
> >> news:b0b401c2502b$43cd9ec0$a4e62ecf@tkmsftngxa06...
> >>> Hello
> >>> I have a windows authentification on a web site.
> >>> So, i have to check the login/password of the windows
> >>> prompt with a login/password in a database.
> >>> I can request the identity name with  User.Identity.Name
> >>> but i need the password too.
> >>> So, i try to use the HTTP header "AUTHORIZATION" but i do
> >>> not manage to convert the base 64 like this :
> >>>
> >>> byte[] bPlain = new byte[50];
> >>> bPlain = Convert .FromBase64String(Request .Headers
> >>> ["AUTHORIZATION"] );
> >>>
> >>> I have an error Invalid character in a Base-64 string.
> >>> what can i do ?
> >>>
> >>
> >>
> >> .
>
>