using uthentic.Web.Security.HttpDigest;
using uthentic.Web.Security.HttpDigest.Events;
// for namespace abbreviations when later referencing
// the AuthenticationEventArgs and DigestHelper classes

// This is your custom class deriving from the Kabel .NET base Module

// Note that the validation here is simple
// But the concept quite powerful!

namespace KabelAdvSample // your own namespace declaration
{

public class MyDigestAuthenticationModule : uthentic.Web.Security.HttpDigest.DigestAuthenticationModule
{

override protected bool AuthenticateUser
(System.Web.HttpApplication app,
string username,
out string password,
out System.Security.Principal.IPrincipal user)
{

password = null;
user = null;

bool isValidUsername = false;
// it's a good security practice to be defensive
// and assume that the user is initially invalid

if (username.Equals("admin"))
{

password = "secret-password123";
isValidUsername = true;

user = DigestHelper.MakeSimpleUser("Administrator");

// 'admin' is a valid username for our application.
// The Client password should be 'secret-password123'

// We are also associating the name 'Administrator'
// with the identity of the Client

}
else if (username.Equals("mickey"))
{

password = "mouse-password";
isValidUsername = true;

user = DigestHelper.MakeSimpleUser("MickeyMouse");

// 'mickey' is also a valid username for our application.
// The Client password should be 'mouse-password'

// We are also associating the name 'MickeyMouse'
// with the identity of the Client

}
else
{

password = null;
isValidUsername = false;

user = null;

// We do not know any other users.
// Therefore, the Username is not valid!
// Therefore, password = null and user = null

}

return isValidUsername;
// return the outcome of our simple validation

}

}

}