internal void SetAuthenticationHeaders(HttpListenerContext context)
{
Debug.Assert(context != null, "Null Context");
HttpListenerRequest request = context.Request;
HttpListenerResponse response = context.Response;
// We use the cached results from the delegates so that we don't have to call them again here.
NTAuthentication newContext;
ArrayList challenges = BuildChallenge(context.AuthenticationSchemes, request._connectionId,
out newContext, context.ExtendedProtectionPolicy, request.IsSecureConnection);
// Setting 401 without setting WWW-Authenticate is a protocol violation
// but throwing from HttpListener would be a breaking change.
if (challenges != null) // null == Anonymous
{
if (newContext != null) // Digest challenge, keep it alive for 10s - 5min.
{
SaveDigestContext(newContext);
}
// Add the new WWW-Authenticate headers
foreach (string challenge in challenges)
{
response.Headers.Add(HttpKnownHeaderNames.WWWAuthenticate, challenge);
}
}
}