Digest Authentication Technical Reference

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Digest Authentication is a standards-based authentication protocol, implemented through wdigest.dll, that provides authentication over the Internet between Microsoft Windows operating environments and operating environments other than Windows. It is described in RFC 2617: HTTP Authentication: Basic and Digest Access Authentication. Wdigest.dll was first included as an authentication package in the Microsoft Windows XP operating system. The Digest security support provider (SSP) implements both RFC 2617 and RFC 2831: Using Digest Authentication as a SASL Mechanism. Digest Authentication, as a simple authentication and security layer (SASL) mechanism, is used primarily for Lightweight Directory Access Protocol (LDAP) authentication.

Digest Authentication works in situations where the Kerberos protocol does not. Digest Authentication offers single sign-on only to a single Web URL protection space. If users navigate to a different Web site, or even to a different server in the same site, they will usually be prompted to enter credentials again.
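The protection-space limit described above follows from how an RFC 2617 client scopes cached credentials. The added example below is not part of the original reference and is not Microsoft's implementation; it applies the RFC 2617 section 3.2.1 `domain` rule, and the function names and example.com URLs are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _normalize(url):
    """Split a URL into (scheme, host, port, path) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return parts.scheme, parts.hostname or "", port, parts.path or "/"

def protection_space(challenge_url, domain=""):
    """Return the URI prefixes covered by one Digest challenge.

    RFC 2617 3.2.1: 'domain' is a space-separated list of URIs. An abs_path is
    resolved against the server that sent the challenge; an absolute URI may
    name another server. If 'domain' is omitted or empty, the space is every
    URI on the responding server.
    """
    uris = domain.split() or ["/"]
    return [_normalize(urljoin(challenge_url, uri)) for uri in uris]

def reuses_credentials(space, url):
    """True if a client may send cached credentials to 'url' without prompting.

    A URL is in the space when one of the listed URIs is a prefix of it
    (literal prefix match, as the RFC describes).
    """
    scheme, host, port, path = _normalize(url)
    return any(
        (scheme, host, port) == prefix[:3] and path.startswith(prefix[3])
        for prefix in space
    )

# Constructed sample: a challenge received from one server, no 'domain' directive.
whole_server = protection_space("http://www.example.com/reports/")
# Constructed sample: the server restricts and extends the space via 'domain'.
scoped = protection_space(
    "http://www.example.com/reports/",
    domain="/reports/ http://files.example.com/share/",
)

if __name__ == "__main__":
    for target in ("http://www.example.com/hr/",
                   "http://mail.example.com/",
                   "http://files.example.com/share/doc.txt"):
        print(target, reuses_credentials(whole_server, target),
              reuses_credentials(scoped, target))
```
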

This section explains what Digest Authentication is and how it works, and it explains which tools are available for configuring Digest Authentication. This technology is also referred to in Internet Information Services (IIS) 6.0 documentation as Advanced Digest Authentication.
