Configuring Digest Authentication (IIS 6.0)
Digest authentication offers the same functionality as Basic authentication; however, Digest authentication provides a means to help ensure that user credentials are not sent across the network in plaintext. Digest authentication transmits credentials across the network as an MD5 hash, or message digest, where the original user name and password cannot be deciphered from the hash. Digest authentication is available to WebDAV directories.
Digest authentication is enabled by default for upgrades from an earlier version of IIS. If you need to enable Digest authentication on a server running IIS 6.0, do the following:
Configuring the Realm Name
In addition to using IIS Manager to enable Digest authentication on a Windows domain server, you can use scripting to configure the realm name at any level of the metabase, as shown in Table A.2.
If a child key in the metabase is not configured with a realm name, that child key inherits the realm name from the next parent key that has the realm name configured. If the realm name is not configured, IIS sends its own computer name as the realm name. If IIS sends its own name as the realm name and IIS is not running on a Windows Server 2003 domain controller with Active Directory® directory service, Digest authentication fails. As a best practice, avoid running IIS on a domain controller; whenever possible, physically separate a server that is running IIS from a domain controller.
You can configure either single or multiple realm names on a server running IIS. You might want to configure multiple realm names if the domains do not have a trusted relationship. If you configure multiple realm names, you must configure them at different levels of the metabase.
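The inheritance rule described above can be modelled to audit which metabase keys would fall back to the computer name and so fail Digest authentication on a non-domain-controller. The following Python code is an added example, not Microsoft's code or an IIS API; the metabase paths, realm names, and computer name are constructed, and the ha1 function uses the RFC 2617 definition of the A1 hash, which this page does not spell out.

```python
import hashlib

# Constructed sample: keys where a realm is explicitly configured (all names made up).
CONFIGURED_REALMS = {
    "/LM/W3SVC/1": "CORP.EXAMPLE",
    "/LM/W3SVC/1/ROOT/PARTNERS": "PARTNER.EXAMPLE",
}
COMPUTER_NAME = "WEB01"  # constructed host name; site 2 below has no realm at all


def effective_realm(key, configured=CONFIGURED_REALMS, computer_name=COMPUTER_NAME):
    """Return (realm, source_key); source_key is None when IIS sends its own name."""
    # Assumption: metabase paths are treated case-insensitively, so normalise them.
    table = {k.rstrip("/").upper(): v for k, v in configured.items()}
    path = key.rstrip("/").upper()
    while path:
        if path in table:
            return table[path], path      # nearest configured parent wins
        path = path.rsplit("/", 1)[0]     # step up one level in the hierarchy
    return computer_name, None            # nothing configured anywhere above


def keys_using_computer_name(keys, **kwargs):
    """Audit helper: keys where Digest fails unless IIS runs on a domain controller."""
    return [k for k in keys if effective_realm(k, **kwargs)[1] is None]


def ha1(user, realm, password):
    """RFC 2617 A1 hash: the realm is hashed together with the credentials."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


if __name__ == "__main__":
    sample_keys = (
        "/LM/W3SVC/1/ROOT/app",            # inherits from the site key
        "/LM/W3SVC/1/ROOT/partners/docs",  # inherits from the nearer parent
        "/LM/W3SVC/2/ROOT",                # no realm configured above it
    )
    for key in sample_keys:
        print(key, "->", effective_realm(key))
    print("fall back to computer name:", keys_using_computer_name(sample_keys))
```

Because the realm is part of the hashed input, a key that resolves to a different realm than the one the credentials were issued for produces a different digest, which is why each level's effective realm is worth checking.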
For information about enabling Digest authentication and configuring the realm name, see Configuring Digest Authentication in IIS 6.0.