I understand basic and digest authentication. But I've searched a lot and I'm struggling with NTLM, Authenticate, & Negotiate.
I think, correct me if I am wrong, that NTLM & Authenticate are two terms for the same protocol.
And negotiate is trying first NTLM, then falling back to digest, then falling back to basic to connect.
Is that correct? And if so where is a good example of how to connect in C# both for NTLM only and for negotiate.
I have two use cases. The first is I need to pull down a single file. So make a request, get an XML file as the response, read it down, done.
The second is querying OData so hundreds to thousands of web requests, each of which will provide JSON (or XML) as the response.
https://learn.microsoft.com/en-us/windows/desktop/secauthn/microsoft-negotiate
As given in the article Negotiate does not fall back to digest. In a way Negotiate is like Kerberos but with a default backup of NTLM
Authenticate is just an internal method, not sure why you are getting confused with it and the protocols, a good look at the internals is here: https://blogs.msdn.microsoft.com/dsnotes/2015/12/30/negotiate-vs-ntlm/
The way to look at this is:
Edit 1 : Applying these authentication mechanisms for the Web was formalized in RFC 4559.
Edit 2 : NTLM authenticates one connection, not a request, while other authentication mechanisms usually authenticate one request. On the first use case this should not change so much, but for the second use case this makes sense to try NTLM while keeping one single connection (by using the HTTP Keep-Alive, and sending the credentials only once in the first request). There's maybe a performance difference. Keep us updated with your results.
A sample WebRequest code taken from Microsoft docs, you can replace the Webrequest with HttpWebRequest.