This article has been modified on 23 Nov 09, based on a complaint about copying of someone else's work; however, this updated article is my own original work and does not intend to pirate or reveal any proprietary information.
Digest Authentication
HTTP Digest authentication is a challenge-response scheme for validating user credentials over HTTP (like Basic authentication), with the difference that the password is not sent as plaintext over the network; instead the client sends an MD5 hash computed over the credentials together with a nonce value.
Digest Authentication was specified by RFC 2069, which was later superseded by RFC 2617 to enhance its security. However, to keep things simple, in this article we will proceed with the implementation for RFC 2069.
Fundamentally the response sent in Digest authentication is:
HA1 = MD5(username:realm:password)   (the realm is "hashcode" in the example exchange below)
HA2 = MD5(method:digestURI)
response = MD5(HA1:nonce:HA2)
The nonce in this example is a timestamp sent by the server so that it can identify the challenge and prevent a replay attack.
NOTE: MD5 is a "one way" hash function, that is, it will not be possible to determine the password directly from the response even if the response is intercepted somewhere in the network.
Although Digest authentication is stronger than Basic authentication, it is still weaker than Public Key and Kerberos authentication.
Another disadvantage of Digest authentication is the inability of the client to verify the server. This allows the possibility of a Man-in-the-middle attack; that is, an intermediate server can impersonate the real server, present Basic access authentication to the client and capture the credentials, which are in plaintext (Base64-encoded) form.
The typical flow of interaction between the server and the client is described below:
1. The client asks for a page that requires authentication but does not provide a user name and password.
GET /dir/index.html HTTP/1.0
Host: localhost
2. The server responds with the 401 response code, providing the authentication realm and a randomly generated nonce (commonly the timestamp).
HTTP/1.0 401 Unauthorized
Server: HTTPd/0.9
Date: Sun, 10 Apr 2005 20:26:47 GMT
WWW-Authenticate: Digest realm="hashcode",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
Content-Type: text/html
Content-Length: 311
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<HTML>
<HEAD>
<TITLE>Error</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
</HEAD>
<BODY><H1>401 Unauthorized.</H1></BODY>
</HTML>
3. At this point, the client prompts the user for username and password and then re-sends the same request, but with an additional Authorization header that includes the computed response value.
GET /dir/index.html HTTP/1.0
Host: localhost
Authorization: Digest username="admin",
realm="hashcode",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
4. The server then accepts the authentication and the page is returned. If the username is invalid and/or the password is incorrect, the server returns the "401" response code again and the client prompts the user again.
HTTP/1.0 200 OK
Server: HTTPd/0.9
Date: Sun, 10 Apr 2005 20:27:03 GMT
Content-Type: text/html
Content-Length: 7984
NOTE: The client request header and the server response header are followed by an empty blank line.
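The server side of the exchange above, written out as an added example (it is not part of this article or of the downloadable sample): it parses the Authorization header, recomputes HA1, HA2 and the response from the formulas given earlier, and compares it with what the client sent. It supports both the RFC 2069 form used in this article and the RFC 2617 qop=auth form that the headers above actually carry (nc, cnonce). Because the headers above do not disclose the password behind username "admin", the sample request and credential store are taken from the worked example in RFC 2617 section 3.5 (user Mufasa, realm testrealm@host.com, password "Circle Of Life"); the USERS table and ISSUED_NONCE are constructed for this example.

```python
import hashlib
import hmac
import re

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def parse_digest_header(value: str) -> dict:
    # Split 'Digest k="v", k=v, ...' into a dict; values may be quoted or bare.
    if not value.startswith("Digest "):
        raise ValueError("not a Digest authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', value[len("Digest "):])
    return {key: quoted or bare for key, quoted, bare in pairs}

def expected_response(username, realm, password, method, uri, nonce,
                      qop=None, nc=None, cnonce=None) -> str:
    # HA1/HA2 as in the article; RFC 2069 form without qop, RFC 2617 'auth' form with it.
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

# Constructed credential store holding the RFC 2617 section 3.5 example user.
USERS = {("Mufasa", "testrealm@host.com"): "Circle Of Life"}

def verify(auth_header: str, method: str, issued_nonce: str) -> bool:
    # Server-side check of one request: the nonce must be one we issued (replay
    # protection), the user must exist, and the response must match our computation.
    d = parse_digest_header(auth_header)
    if any(k not in d for k in ("username", "realm", "nonce", "uri", "response")):
        return False
    if not hmac.compare_digest(d["nonce"], issued_nonce):
        return False
    password = USERS.get((d["username"], d["realm"]))
    if password is None:
        return False
    expected = expected_response(d["username"], d["realm"], password, method, d["uri"],
                                 d["nonce"], d.get("qop"), d.get("nc"), d.get("cnonce"))
    return hmac.compare_digest(expected, d["response"])

# The RFC 2617 section 3.5 client request, as sent after the server's 401 challenge.
SAMPLE_AUTH_HEADER = ('Digest username="Mufasa", realm="testrealm@host.com", '
                      'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
                      'qop=auth, nc=00000001, cnonce="0a4f113b", '
                      'response="6629fae49393a05397450978507c4ef1"')
ISSUED_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
```

Note that a changed method, a nonce the server never issued, or a username not in the store all fail the check, since each alters one of the hashed inputs or the lookup.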
The accompanying sample implementation is developed based on my learning from various sources with no use of any "proprietary technical knowledge base". Nevertheless, if anyone still feels he/she should be given credit for some specific section (or the whole), please advise me on the same.
For further reading refer: http://www.w3.org/Protocols/rfc2069/rfc2069
The sample is a generic implementation of challenge-response authentication in .NET, implemented as an HttpModule, taking Digest authentication as the example.
In brief, the component CommonAuth contains the core operations for intercepting the HTTP request and channeling it to whichever custom authentication module is applied. Any custom authentication module should extend the abstract BaseAuthenticationModule class and implement the AuthenticationType property and the Authenticate and GetChallengeHeaderInfo methods; the custom authentication is performed based on the challenge header info and the authenticate operation.
Download Digest Authentication Example