Just a note here that if you would let your server issue the
authentication challenge, and let your user login with the browser's
login dialog, then the rest would be seamless and transparent to you,
as the credentials would automatically be tacked on to each RPC (or
other) request you make subsequently.
Walden