I have a custom Web Stack with custom self-hosted server (no IIS, no WCF). It uses HttpListener to get HttpListenerContext that is processed by pipeline of modules. So, I am working with HttpListenerRequest and HttpListenerRespose in processing modules.
Now I need to return 401 Unauthorized to the client in some specific cases. Response should also include WWW-Authenticate header with specific challenge. So, I can just set StatusCode of the HttpListenerRespose = 401 and it works fine. But when I try to add Www-Authenticate header to the response - I get an exception: "The 'WWW-Authenticate' header must be modified using the appropriate property or method. Parameter name: name".
As I can see, WWW-Authenticate header is protected for response. MSDN Documentation says that I can't "set a Content-Length, Keep-Alive, Transfer-Encoding, or WWW-Authenticate header using the Headers property". There are KeepAlive and ContentLenght64 properties for two of them but "You cannot set the Transfer-Encoding or WWW-Authenticate headers manually"
So, what is a possible solution? How should I return 401 response with specific WWW-Authenticate header correctly?