Sorry for the delay in responding, but if you pass credentials to the open 
method, they are used for authentication against the web server regardless 
of the scheme. So if the Web server supports only Basic or Digest, the creds 
are passed for that. If the Web server supports "Windows authentication" 
which can be NTLM or Kerberos, then the credentials are attempted for that 
too.

> That's fine but I think the question is, is the username/password pair
> passed in the open method used in the all of these schemes or some or one 
> of
> them?  E.g IF the server only offered NTLM would the username/password
> provided in the open call be used to attempt to satisfy the logon?  OR is 
> it
> limit to only Basic methods?
>
>
>> <edsuslen@y...> wrote in message
>> news:1151499227.494894.50730@m......
>> > Guys, need your help.
>> > In a standard
>> > oXMLHttpRequest.open(bstrMethod, bstrUrl, varAsync, bstrUser,
>> > bstrPassword);
>> > the user/password are only for iis authentication, or it could be
>> > captured for the validation by receiving asp?
>> > If it could be captured, how?
>> >
>> > If it is only for iis authentication, where can I find out how to set
>> > up iis for proper authentication specific users?
>> >
>> > Any explanations would be valuable.
>> > Thanks in advance.