How does Basic Windows Authentication work in ASP.NET

Almost  all web browsers support Basic authentication as authentication protocol. The next picture shows the case when a website requests client authentication using Basic authentication and the web browser displays a login dialog box:

A login dialog box for Basic authentication

A login dialog box for Basic authentication

After a user provides this information, the data is transmitted to the web server (in this case localhost). Once IIS receives the authentication data, it attempts to authenticate the user with the corresponding Windows account. The key disadvantage of Basic authentication is that it isn’t secure, because user name and password credentials obtained via it are transmitted between the client and server as clear text. The data is encoded into Base64 sting which can easily read. In Windows Vista Microsoft has modified the login dialog to display a warning if the connection is not secure (meaning SSL/TLS is not used for communicating with the web server).

Important advice: You should use Basic authentication only in situations where there’s no need to protect user credentials, or only in conjunction with an HTTP wire encryption protocol such as SSL. This way, the data that would otherwise be clearly visible to any network sniffing utility will be encrypted using complex algorithms.