From what we can tell, the WSE3 approach is broken because aspdnsf puts binary or non-ascii data into the password field of the db.

IOW, for this approach to work, aspdnsf needs to FIRST mime encode the hashed password, THEN put it in the DB. We would then have an ascii string (the mime encoded hash) that we could use from the outside.

From what I can see, the WSI docs should be updated. Currently, the WSI docs say that WSE3 is the recommended approach. However WSE3 really just won't work (at least cannot be counted on to work).

Comments?