HTTP Basic Authentication - what's the expected web browser experience?

Question

When a server allows access via Basic HTTP Authentication, what is the experience expected to be in a web browser?

Ignoring the web browser for a mo

Answer 1

If there are no credentials provided in the request headers, the following is the minimum response required for IE to prompt the user for credentials and resubmit the request.

Response.Clear();
Response.StatusCode = (Int32)HttpStatusCode.Unauthorized;
Response.AddHeader("WWW-Authenticate", "Basic");