I have posted an article and sample of using HTTP Digest authentication with web services, without using the built-in IIS Digest implementation and Active Directory. Like my previous authentication sample, this one is all managed code, and will work in shared hosting environments.
I think Digest authentication has gotten a bit of a bum rap, and it’s not in widespread use. However, it’s a standard, well-documented protocol, and it doesn’t require clear-text credential transmission, which means you don’t have to require an encrypted channel for some classes of services. I think it’s particularly well-suited to web services, at least until WS-Security has gained widespread acceptance. Microsoft seems to agree, as they are using Digest authentication for their MapPoint.NET service.