When a server receives a request that requires authentication, the server returns a 401 status code message. In that message, the server should include one or more WWW-Authenticate response headers. These headers include the authentication methods the server has available. The Windows CE Internet functions pick the first method they recognize.
Basic authentication provides weak security unless the channel is first link-encrypted with SSL or Private Communications Technology (PCT).
The InternetErrorDlg function can be used to obtain the user name and password data from the user, or a custom control can be designed to obtain the data.
A custom control can use the InternetSetOption function to set the INTERNET_OPTION_PASSWORD and INTERNET_OPTION_USERNAME values and then resend the request to the server.