Are the ten lines you can use in PHP to have HTTP authentication difficult to implement? :)
http://www.php.net/manual/en/features.http-auth.php Exactly, not at all. I think the best way to do it is at the end of bootstrap, after the session code has passed.
My idea roughly is long the lines: * if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My drupal site(may be in subdirectory)"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button'; exit; } else { verify the username:password - ala user_login(); } This will mean that you end up with a valid $user. * possibly digest authentication as well I'll be doing that this weekend, I need to test authenticated RSS feeds powered by drupal. I will not be online this weekend, but will post a patch on Monday to demo the idea. I don't think it is something major anyway (the http auth bit) ---- webDAV is an extension to http, sort of I prefer calling that a special kind of XML based RPC, because most of the extensions are actually XML encoded messages. I think there was an implemenation of webDAV for PHP. I am not sure which features, and what level of webDAV are worth it in Drupal's case. upload, version control, locking? Cheers, Vlado