Any way to maintain a digest-authenticated session in .NET?

[paul]

I must (as a client application) connect via HTTP, authenticate using
DIGEST authentication, and then make subsequent HTTP requests.

The Problem:

If I use System.Net.WebClient or System.Net.HttpWebRequest, my initial
HTTP request is met with a:

HTTP/1.1 401 Unauthorized xxx
Set-Cookie: ARPT=ZYQ123; path=/
Date: Sat, 26 Mar 2005 02:43:44 GMT
Content-Length: 0
Content-Type: text/html
Cache-Control: private
WWW-Authenticate: Digest realm="xyz",
nonce="31313131383035303234343234201d4e1fddab881c96a4ab8f32f64eaad9",
opaque="6e6f742075736564"

which .NET responds to CORRECTLY by doing a DIGEST authentication.

The problem is that subsequent requests through the .NET framework
using either System.Net.WebClient or System.Net.HttpWebRequest do NOT
contain DIGEST authentication headers, as they should for an
AUTHENTICATED SESSION. Packet traces confirm this.

How can I get .NET to maintain the session, and not treat subsequent
HTTP requests as if I am "starting a session from scratch?" I hope
that Microsoft will not force me to develop my own digest
authentication routines, and have to manually compute and send
authentication headers with each HTTP request.

Thanks in advance!

 

[markuswallen]

In search of an answer to another problem I stumbled on this question. Thought I should try to help anyone else searching for an answer to this question. =)

You could try this.
If you're using a webclient, create your own subclass of WebClient and override GetWebRequest:

protected override WebRequest GetWebRequest(Uri address)
{
var request = (HttpWebRequest)base.GetWebRequest(address);

// Perform any customizations on the request.
// This version of WebClient always preauthenticates.
request.PreAuthenticate = true;

return request;
}

Or if you're using a webrequest directly, just set PreAuthenticat to true.

Hope this helps.