Basic and Digest Authentication


The System.Net implementation of basic and digest authentication complies with RFC2617 – HTTP Authentication: Basic and Digest Authentication (available on the World Wide Web Consortium's Web site at

To use basic and digest authentication, an application must provide a user name and password in the Credentials property of the WebRequest object that it uses to request data from the Internet, as shown in the following example.

String MyURI = "";
WebRequest WReq = WebRequest.Create(MyURI);
WReq.Credentials = new NetworkCredential(UserName, SecurelyStoredPassword);

Data sent with Basic and Digest Authentication is not encrypted, so the data can be seen by an adversary. Additionally, Basic Authentication credentials (user name and password) are sent in the clear and can be intercepted.