Configuring Kabel .NET

Kabel .NET offers several configuration options, which affect the behavior and operation of the base module, including ticket generation and validation, the authentication cache and HTTP Digest-specific options. These settings are specified in a custom section of the web.config file: <uthentic.HttpDigest> as documented below.

A First Example

The following snippet from a web.config shows a possible configuration, which explicitly specifies all possible settings for the Kabel .NET module:

web.config

<configuration>
  <system.web>

    <!-- Your regular <system.web> content comes here -->

  </system.web>

  <uthentic.HttpDigest>

    <authentication realm="IBuySecurely">
      <cache mode="all" expiration="sliding" minutes="60" />
    </authentication>

    <tickets timeout="60"
             maxReuseCount="-1"
             resourceDependent="false"
             useOpaqueValue="false">
      <machineKey validationKey="autogenerate" />
    </tickets>

    <license location="~/development.lic" />

  </uthentic.HttpDigest>
</configuration>

 

<uthentic.HttpDigest>

No attributes at this level.

 

<uthentic.HttpDigest> : <authentication>

 

Attribute: realm
Possible Values: [text]
Default Value: WebApplication

The Realm to be used for the Web Application.
Clients will use this string to hash their passwords so that the hash is only valid for the current application.
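
The realm binding described above, shown with the standard RFC 2617 digest computation (qop=auth). This is an added example, not Kabel .NET code; the account, nonce and URI are constructed sample values, and the two realms are the ones that appear on this page.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # RFC 2617: HA1 = MD5(username ":" realm ":" password)
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617: response = MD5(HA1 ":" nonce ":" nc ":" cnonce ":" qop ":" HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def server_accepts(stored_ha1, method, uri, nonce, nc, cnonce, response):
    # The server recomputes the response from its stored HA1 and compares
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

# Constructed sample account and challenge values
USER, PASSWORD = "alice", "correct horse"
NONCE, NC, CNONCE = "constructed-nonce-0001", "00000001", "0a4f113b"

def realm_mismatch_demo():
    """Client hashes for realm IBuySecurely; check against two stored hashes."""
    shop_ha1 = ha1(USER, "IBuySecurely", PASSWORD)
    other_ha1 = ha1(USER, "WebApplication", PASSWORD)  # same password, other realm
    resp = digest_response(shop_ha1, "GET", "/cart", NONCE, NC, CNONCE)
    return (server_accepts(shop_ha1, "GET", "/cart", NONCE, NC, CNONCE, resp),
            server_accepts(other_ha1, "GET", "/cart", NONCE, NC, CNONCE, resp))
```

The same consequence applies when the realm of a running application is changed: any password hashes stored for the old realm no longer match.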

 

<uthentic.HttpDigest> : <authentication> : <cache>

 

Attribute: mode
Possible Values: none, acceptedPasswords, rejectedUsers, all
Default Value: none

The use mode of the Authentication Cache.
The Authentication Cache (AC) can store previously authenticated credential information for faster request processing.

none - the AC is disabled

acceptedPasswords - the AC will only be used to store accepted passwords

rejectedUsers - the AC will only be used to store denied usernames

all - combines the acceptedPasswords and rejectedUsers options

Attribute: expiration
Possible Values: absolute, sliding
Default Value: sliding

The cache expiration option for the enabled AC; to be used with minutes attribute.

absolute - cached information will expire exactly x minutes after being added to the AC.

sliding - cached information will expire x minutes after last being stored / accessed / retrieved.

Attribute: minutes
Possible Values: [number > 0]
Default Value: 20

"Minutes" as related to the expiration attribute.

 

<uthentic.HttpDigest> : <tickets>

 

Attribute: timeout
Possible Values: [number > 0]
Default Value: 300 (5 minutes)

The number of seconds for which an issued ticket is valid.
All issued tickets are configured to be valid for only a limited amount of time. An expired ticket will be returned as stale and the Client will need to request a new one to re-authenticate. See About HTTP Digest, Tickets.

Attribute: maxReuseCount
Possible Values: [any number]
Default Value: 5

The number of requests for which a valid ticket can be used.

value less than 1 - disables this option; tickets may be used without usage count restriction until they expire according to the timeout attribute.

1 - This means that Kabel .NET will issue One-Time Tickets. The Client will have to obtain a new one for each subsequent request. Note: One-Time Tickets are additionally bound to the IP Address of the Client for security purposes.

value greater than 1 - tickets can be used only for x number of requests.

Attribute: resourceDependent
Possible Values: true, false
Default Value: false

Should tickets be bound to the original resource that was requested when they were generated?
Tickets may contain information about the original resource (URL) they were issued for.

An example: The Client received a ticket with reference to resource A, but an intruder snatched this ticket and wants to access resource B with it. When resource-dependent tickets are employed, the Server will require re-authentication for B, so the intruder is denied and the harm is effectively contained.

Attribute: useOpaque
Possible Values: true, false
Default Value: false

HTTP Digest-specific: When returning an initial challenge, should the Server generate an opaque identifier for the subsequent authentication session?
This option should be used when implementing a custom Opaque Value generation function for security and audit purposes. See the Advanced Walkthrough, Overriding Other Module Methods.

Important: When overriding Opaque Value Generation, each opaque value must be unique and must only be generated once. The use of GUIDs or other such identifiers for this purpose is highly recommended.

<uthentic.HttpDigest> : <tickets> : <machineKey>

 

Attribute: validationKey
Possible Values: autogenerate or [hexadecimal key data]
Default Value: autogenerate

The cryptographic validation key to be used for signing and verifying server-issued tickets.

autogenerate - Kabel .NET will generate a strong, random key within the scope of the current web application (recommended).

[hexadecimal key data] - Specify a custom key string when using a web farm/multi-server environment.
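
How the <tickets> attributes and the <machineKey> validation key work together, as an added model that is not Kabel .NET's implementation. The TicketServer class, the ticket layout, HMAC-SHA256 signing, the outcome labels other than "stale", and the sample key and addresses are assumptions made for illustration.

```python
import hashlib, hmac, secrets

class TicketServer:
    """Toy model of one server; arguments mirror the <tickets> attributes."""
    def __init__(self, key=None, timeout=300, max_reuse=5, resource_dependent=False):
        # key=None models validationKey="autogenerate": random, known to this app only
        self.key = key or secrets.token_bytes(32)
        self.timeout, self.max_reuse = timeout, max_reuse
        self.resource_dependent = resource_dependent
        self.uses = {}  # ticket -> number of requests already accepted

    def _sign(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, resource, client_ip, now):
        ip = client_ip if self.max_reuse == 1 else "*"   # one-time tickets are IP-bound
        res = resource if self.resource_dependent else "*"
        body = f"{int(now)}|{ip}|{secrets.token_hex(8)}|{res}"
        return f"{body}|{self._sign(body)}"

    def validate(self, ticket, resource, client_ip, now):
        body, _, sig = ticket.rpartition("|")
        if not hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            return "invalid"            # forged, altered, or signed with another key
        issued, ip, _, res = body.split("|", 3)
        if now - int(issued) > self.timeout:
            return "stale"              # client must request a new ticket
        if res not in ("*", resource) or ip not in ("*", client_ip):
            return "reauthenticate"     # wrong resource or client address
        used = self.uses.get(ticket, 0)
        if self.max_reuse >= 1 and used >= self.max_reuse:
            return "used-up"            # values below 1 disable the reuse limit
        self.uses[ticket] = used + 1
        return "ok"

FARM_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed sample key

def web_farm_demo():
    node_a, node_b, lone = TicketServer(FARM_KEY), TicketServer(FARM_KEY), TicketServer()
    ticket = node_a.issue("/orders", "203.0.113.5", now=1000)
    # node_b shares the key and accepts; the autogenerated key cannot verify
    return (node_b.validate(ticket, "/orders", "203.0.113.5", now=1010),
            lone.validate(ticket, "/orders", "203.0.113.5", now=1010))
```

web_farm_demo() shows why a multi-server environment needs an explicit validationKey: a ticket issued by one node only verifies on nodes holding the same key.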

 

<uthentic.HttpDigest> : <license>

 

Attribute: location
Possible Values: registry, [Virtual Path] or [Directory Path]
Default Value: registry

The location of the active License for Kabel .NET.

registry - Kabel .NET will attempt to load an installed License from the Registry.

Virtual Path - Must start with ~/ which will resolve the virtual path relative to the web application's root directory on the physical hard drive. (Server.MapPath is used internally here).
Example: ~/production.lic (this will locate the file in the root directory of the web application, so the same location as web.config or global.asax)

Directory Path - Example: C:\production.lic

If <license> is omitted - Kabel .NET will look in the Registry for a globally installed license or license file path; use the Licensing Utility to write a license to the Registry.

 

Copyright © 2002, uthentic.net
All Rights Reserved