I've got an ASP.NET application which uses forms authentication.
We're adding on an HttpModule that responds to requests in the /webdav folder and below. We need to use basic/digest authentication for these requests.
With <authentication> set to Forms in the root web.config, requests from webdav clients are receiving a 302 redirecting the user back to the login page.
Is MADAM the best way to achieve this?
I think MADAM would work well for you.
I'm using MADAM to make RSS feeds available that are specific to logged in users accessible to RSS Readers. I am also planning on using it when we implement mobile app access into our application. That way we can use the same controller logic and change the authentication using MADAM.
I would suggest that you use HTTPS requests if you're doing BASIC authentication. Also, if you are using IIS 7, make sure you add the http modules configuration into the system.webServer/modules section. I wasn't paying much attention and wasted time diagnosing why it was working locally and not on the development server in IIS 7.