Hello,

Are you supplying credentials (e.g., via WinHttpSetCredentials) in your
request, or are you expecting WinHTTP to auto-authenticate on your client's
behalf? Clearly, the latter approach is better as you do not need to
hard-code credentials in your code or implement UI to collect the client's
credentials. I'm assuming that it is auto-authentication that you are trying
to get working.

WinHTTP supports auto-authentication with servers that use Windows
Integrated Authentication (NTLM/Kerberos auth protocols). However, WinHTTP's
default policy is to auto-authenticate only with such servers that WinHTTP
believes to be on the local intranet. (By default, WinHTTP does not "trust"
external Internet servers.) The heuristic that WinHTTP uses to determine if
a server is on the intranet is based on the proxy configuration;
specifically, that the target server is in the "proxy bypass list".

So there are a couple ways you should be able to fix your problem. You can
set your proxy configuration to include the target server in the bypass
list. Or you can override the auto-authentication policy (what WinHTTP calls
the "auto-logon policy"). If you do not use a proxy server, then you can set
an option to override the auto-logon policy.

For additional information about WinHTTP's authentication support, consult
the following online documentation:

"ProxyCfg.exe tool." Be sure to review the last section on "ProxyCfg.exe
and Authentication"

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/proxycfg_exe__a_proxy_configuration_tool.asp

"Authentication in WinHTTP." Note the last section on "Automatic Logon
Policy."

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/authentication_in_winhttp.asp


Regards,
Stephen