A while ago I preached a bit about using transport-based authentication with web services, rather than custom header-based mechanisms. Well, after a number of requests, I’ve posted a sample of using HTTP Basic authentication with web services, without using the built-in IIS support for Basic with Active Directory. The sample is a .NET HTTP Module, which handles the authentication against a custom data store (an XML file in the sample, easy to change to a database or whatever you need). It will also work in shared hosting environments where you can’t even think about ISAPI filters.
I have a working HTTP Digest sample about 80% complete; if there’s enough interest I’ll finish it up and post it.
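To illustrate the approach described above, here is a minimal module of the same kind, added for this page and not the posted sample's code. The class name, realm, store path, the `salt`/`hash` attribute layout and the PBKDF2 iteration count are assumptions; Basic credentials are only base64-encoded on the wire, so a module like this belongs behind TLS.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Xml.Linq;

// Added example. Assumed store: <users><user name="alice" salt="BASE64" hash="BASE64"/></users>
public class BasicAuthModule : IHttpModule
{
    public void Init(HttpApplication app) { app.AuthenticateRequest += OnAuthenticate; }
    public void Dispose() { }
    void OnAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string[] cred = Parse(ctx.Request.Headers["Authorization"]);
        if (cred != null && Validate(ctx, cred[0], cred[1]))
        {
            ctx.User = new GenericPrincipal(new GenericIdentity(cred[0], "Basic"), new string[0]);
            return;
        }
        ctx.Response.StatusCode = 401;   // absent, malformed or wrong credentials: challenge
        ctx.Response.AppendHeader("WWW-Authenticate", "Basic realm=\"Example Service\"");
        ctx.ApplicationInstance.CompleteRequest();
    }
    static string[] Parse(string header)   // returns { user, password } or null
    {
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return null;
        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(6).Trim()); } catch (FormatException) { return null; }
        string decoded = Encoding.UTF8.GetString(raw);
        int sep = decoded.IndexOf(':');   // split on the first ':' only; the password may contain more
        return sep < 0 ? null : new[] { decoded.Substring(0, sep), decoded.Substring(sep + 1) };
    }
    static bool Validate(HttpContext ctx, string user, string pass)
    {
        XElement row = XDocument.Load(ctx.Server.MapPath("~/App_Data/users.xml")).Root   // hypothetical path
            .Elements("user").FirstOrDefault(u => (string)u.Attribute("name") == user);
        if (row == null) return false;
        byte[] salt = Convert.FromBase64String((string)row.Attribute("salt"));
        byte[] want = Convert.FromBase64String((string)row.Attribute("hash"));
        byte[] got;
        using (var kdf = new Rfc2898DeriveBytes(pass, salt, 100000)) got = kdf.GetBytes(want.Length);
        int diff = 0;   // OR the byte differences together: no early exit on the first mismatch
        for (int i = 0; i < want.Length; i++) diff |= got[i] ^ want[i];
        return diff == 0;
    }
}
```

The module is registered in web.config under `<httpModules>` (or `<system.webServer><modules>` for the IIS integrated pipeline), which is why it needs no ISAPI filter. Keeping the store under `App_Data` means ASP.NET will not serve the file to clients.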
Good article, I’m a little late but have a question… If I employ this method on a web application, can my web app call a web service that uses basic authentication and delegate the authentication?