worked on implementing a 'forms auth' version of HTTP BasicAuth for my exyus framework this evening and got stumped by asp.net/iis. i can gather the data and craft the proper header, but i can't get asp.net/iis to accept the header in the request stream. i'm sure there's a good reason (spoofing credentials would be way too easy), but i'm equally sure there's a simple way to do this that i'm just missing.
i can do the work within the request pipeline (by sniffing for the WWW:Authenticate header and taking up the task there), but i thought i could skip that (somehow) within my HTTP POST from the login page. nope. i suspect i need to take that data and then mimic the initial pipeline request back through the system. using HTTP 301, i suspect. but i just can't get it right yet.
of course, this is all about supporting a forms way to login but still keeping HTTPAuth as the only auth model to support. and i want to do this to make logging in from my m-q phone easy, etc. maybe the m-q can handle HTTP auth?
Update (five minutes later)
i'm an idiot! the m-q phone supports HTTP BasicAuth just fine (of course). now i can forget the whole forms login pattern for now and concentrate on an html-only version of the blog including a simple blog post page. *sweet*