I have posted an article and sample of using HTTP Digest authentication with web services, without using the built-in IIS Digest implementation and Active Directory.  Like my previous authentication sample, this one is all managed code, and will work in shared hosting environments.

I think Digest authentication has gotten a bit of a bum rap, and it’s not in widespread use.  However, it’s a standard, well-documented protocol, and it doesn’t require clear-text credential transmission, which means you don’t have to require an encrypted channel for some classes of services.  I think it’s particularly well-suited to web services, at least until WS-Security has gained widespread acceptance.  Microsoft seems to agree, as they are using Digest authentication for their MapPoint.NET service.