Re: Windows authentification : HTTP header "AUTHORIZATION" ?
From: Greg Reinacker (gregnews@rassoc.com)
Date: 09/03/02
- Next message: Lon: "HOW TO: Secure an ASP.NET Application by Using Windows Security"
- Previous message: Eric Robishaw: "permission denied to save an ASP file on local webserver but HTML file OK"
- In reply to: Arild Bakken: "Re: Windows authentification : HTTP header "AUTHORIZATION" ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Greg Reinacker" <gregnews@rassoc.com> Date: Mon, 2 Sep 2002 19:51:53 -0600
Digest also does not transmit the password clear-text; rather, a hash of the
password (and other information) is used.
-- Greg Reinacker Reinacker & Associates, Inc. http://www.rassoc.com http://www.rassoc.com/gregr/weblog/ "Arild Bakken" <arildb_@hotmail.com> wrote in message news:ewPBNAoUCHA.3792@tkmsftngp11... > When integrated security is used the password is never sent, only a hash key > that is verified with the domain controller. Since the password is not sent, > and it is not possible to get a users password from a domain controller, you > cannot get it. If you need the password, use Basic authentication (or > perhaps digest authentication will work, but I've never tried that) > > > Arild > > mikej wrote: > > Hello, > > i use both Integrated and Basic. > > So, i can retrieve the password when Basic is used. > > Are you sure that it is not possible to get the password > > when integrated is used ? > > thanks > > mike-j > >> -----Original Message----- > >> If you're using Integrated Windows authentication, you're out of > >> luck - you're not going to be able to authenticate against your > >> database, unless you implement the NTLM or Kerberos protocols > >> yourself (definitely non-trivial). > >> > >> I'd recommend using Basic or Digest, and use something like the > >> samples [1] I have on my site. > >> > >> [1] http://www.rassoc.com/gregr/weblog/misc/samples.html > >> > >> -- > >> Greg Reinacker > >> Reinacker & Associates, Inc. > >> http://www.rassoc.com > >> http://www.rassoc.com/gregr/weblog/ > >> > >> > >> "mikej" <mikej@guyih.fg> wrote in message > >> news:b0b401c2502b$43cd9ec0$a4e62ecf@tkmsftngxa06... > >>> Hello > >>> I have a windows authentification on a web site. > >>> So, i have to check the login/password of the windows > >>> prompt with a login/password in a database. > >>> I can request the identity name with User.Identity.Name > >>> but i need the password too. > >>> So, i try to use the HTTP header "AUTHORIZATION" but i do > >>> not manage to convert the base 64 like this : > >>> > >>> byte[] bPlain = new byte[50]; > >>> bPlain = Convert .FromBase64String(Request .Headers > >>> ["AUTHORIZATION"] ); > >>> > >>> I have an error Invalid character in a Base-64 string. > >>> what can i do ? > >>> > >> > >> > >> . > >
- Next message: Lon: "HOW TO: Secure an ASP.NET Application by Using Windows Security"
- Previous message: Eric Robishaw: "permission denied to save an ASP file on local webserver but HTML file OK"
- In reply to: Arild Bakken: "Re: Windows authentification : HTTP header "AUTHORIZATION" ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
