Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM

Available in IIS 4?

No. This is a new IIS 5 authentication scheme.

What privileges are required?

All accounts must have the Network Logon logon right.

Supports delegation?

No. The client account cannot leave the Web server computer because a Windows subauthentication DLL is used to log on the account.

Delegation capabilities diagram

Requires Active Directory?

Yes. All accounts using Digest authentication must have the Store Password Using Reversible Encryption option enabled.

Browser support

Although Digest authentication is part of the HTTP 1.1 protocol, presently only Microsoft Internet Explorer 5 supports it.

Works through proxies and firewalls?

Yes.

Other notes

Digest authentication is defined in RFC 2617 (available at http://www.ietf.org/rfc/rfc2617.txt).