Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Using custom Digest authentication
Message
From
11/09/2012 09:06:24
Michel Fournier
Level Extreme Inc.
Petit-Rocher, New Brunswick, Canada
 
 
To
11/09/2012 07:50:03
Viv Phillips
Hay-On-Wye, United Kingdom
General information
Forum:
Internet
Category:
Security
Title:
Re: Using custom Digest authentication
Miscellaneous
Thread ID:
01552652
Message ID:
01552710
Views:
31
>Not required - but less secure without ?

Yes, if you want to add that layer, it will be more secure. Note that this will mathematically be a little bit slower but not something visible to the user. But, the cookie will travel transparently over that layer as well. So, it doesn't change anything but to configure the IIS port and so might be the firewall.

>Don't you have to authenticate before issuing the cookie IAC ?

Yes, exactly, that is the first step. Once authenticated, you generate a cookie in the response. Then, it will live, at minimum, during the session (that implies for as long as the browser remains opened). You can also set the cookie for a duration date, thus passing it an expiration date, which will make it sits somewhere on the PC browser configuration related files. Note that this applies if the browser does not block the cookies. Which is a real ... during these days. See this links about some documentation about issues I have to rely the users to from time to time:

http://www.levelextreme.com/ViewPageGenericCookieVerification.aspx
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
Previous
Reply
Map
View

Click here to load this message in the networking platform