Using InternetSetOption to set the username and password when connecting to a REST service. I notice that WinInet does not send the Authorization header when I call HttpSentRequest even though I called InternetSetOption first. Seems ridiculous that you have to get a response from the server with a WWW-Authenication header first. That creates an entire extra request to the server on every request.
Is there a WinInet call to force the Authorization header on the first call or do I have to add it manually?
After some deliberation and research, I think the answer is no. To set an Authorization header, WinInet needs to know what authentication method it should use, not just what username and password. The standard way to determine an authentication scheme is to send an unauthenticated request and read the WWW-Authenticate header.
If you know that your request needs Basic Authentication, you can set the Authorization: header yourself, using HttpAddRequestHeaders:
HttpAddRequestHeaders(hRequest, TEXT("Authentication: Basic dXNlcjpwYXNzd29yZA=="), -1, HTTP_ADDREQ_FLAG_REPLACE);
Calculate the base64-encoding of your own "user:password" string using CryptBinaryToString.