> Basic Authentication is cleartext, But can be secured on the channel level (e.g. using https). Asuming you periodically change your passwords this is good enough most of the times.
Digest is cryptographically secure, > IIRC. It does a challenge/response. However, digest authentication will only work for IIS installed on a domain controller (of all things ...). Most people consider opening up their domain controllers to the internet a bad thing (allthough it is getting increasinly trendy to proxy the internal webserver out on the internet). -- Henkk You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
