locked
Difference between Integrated Windows Authentication and Windows Digest Authetication in ASP.NET RRS feed

  • Question

  • User-381266048 posted

    I am working on ASP.NET web application and need to implement authentication using Active Directory domain accounts.

    From what I understand there are 2 possible options:

    1. Integrated Windows Authentication
    2. Windows Digest Authentication

    Can I use either of them? It is clear that Windows Digest Authentication supports authentication using Active Directory domain accounts. Integrated Windows Authentication definitely can use local Windows accounts but I am not sure about AD accounts.

    Friday, May 9, 2014 8:37 AM

Answers

  • User-734925760 posted

    • Integrated Windows Authentication
    • Windows Digest Authentication

    Hi,

    So far as I know, the different is that, Digest Authentication, it is the same as basic authentication except that the password is hashed before it is sent across the network. But Integrated Windows Authentication, in this kind of authentication technique, passwords are not sent across the network. The application here uses either the kerberos or challenge/response protocols to authenticate users.

    So if you use AD account, I suggest you using Integrated Windows Authentication.

    For more information about Digest Authentication and Integrated Windows Authentication, please refer to the links below:

    #Digest Authentication:http://www.iis.net/configreference/system.webserver/security/authentication/digestauthentication

    #Windows Authentication:http://www.codeproject.com/Articles/94612/Windows-Authentication

    Hope it's useful for you.

    Best Regards,

    Michelle Ge

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, May 12, 2014 2:37 AM