Digest authentication addresses many of the weaknesses of Basic authentication. Most notably, the password is not sent in clear text when you use Digest authentication. In addition, Digest authentication can work through proxy servers, unlike integrated Windows authentication.
At the time of this writing, Digest authentication is not a completed standard; it is still a draft. The version of Digest authentication used in IIS 5.0 follows RFC 2069, with some extensions from the IETF draft specification that can be found at http://www.ietf.org/.
Because Digest authentication is a challenge/response mechanism like integrated Windows authentication, passwords are not sent unencrypted, as in Basic authentication.
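The challenge/response exchange described above, sketched with the basic RFC 2069 calculation as an added example (not code from the original page or from IIS, and without the IIS 5.0 extensions). The account, realm, URI and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce):
    """Client side, RFC 2069: MD5(HA1 ":" nonce ":" HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # secret half
    ha2 = md5_hex(f"{method}:{uri}")                 # request half
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def new_challenge(realm):
    """Server side: a fresh, unpredictable nonce for each 401 challenge."""
    return {"realm": realm, "nonce": secrets.token_hex(16)}


def verify(stored_ha1, challenge, method, uri, client_response):
    """Server side: recompute from the stored HA1, compare in constant time."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{challenge['nonce']}:{ha2}")
    return hmac.compare_digest(expected, client_response)


# Constructed sample account and request (assumptions, not from the page).
USER, REALM, PASSWORD = "alice", "example-realm", "correct horse"
URI = "/private/"
STORED_HA1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")  # what the server keeps


def demo():
    challenge = new_challenge(REALM)
    good = digest_response(USER, REALM, PASSWORD, "GET", URI, challenge["nonce"])
    bad = digest_response(USER, REALM, "wrong guess", "GET", URI, challenge["nonce"])
    later = new_challenge(REALM)  # a later challenge carries a new nonce
    return {
        "accepted": verify(STORED_HA1, challenge, "GET", URI, good),
        "wrong_password": verify(STORED_HA1, challenge, "GET", URI, bad),
        "replayed": verify(STORED_HA1, later, "GET", URI, good),
        "password_on_wire": PASSWORD in good,
    }


if __name__ == "__main__":
    print(demo())
```

The server never needs the password itself, only HA1, which makes the stored HA1 a password equivalent for that realm and something to protect accordingly.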
See the following: