HttpWebResponse - How to Set the NTLM Authenticate Header

I have to access an external Service (Web Application) through a single server (protected with a firewall), so I have to relay / tunnel the HTTP-Requests via a small C# Service Application.

I've written an HttpListener, waiting for requests, calling the external Web-Server, get his response and writing it to the client. This part of the application works smooth.

For auditing purposes I turned on NTLM Authentication on the Listener, so that I can log, which users accessed this service. So far so good.

listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm;

The authentication works, the client gets automatically an HTTP 401 response with the WWW-"Authenticate: NTLM" Header, the client reissues the request with the NTLM-Authorization header, the server respondes with a challenge, the client respondes to the challenge --> the client is authenticated, I am able to access the Identity property in the HttpListenerContext.

But I think, I make a mistake, when I am writing the response back to the client. When the same client does another request, he has to do the whole authentication-procedure from the beginning.

response.StatusCode = (Int32)((HttpWebResponse)remoteResponse).StatusCode;
foreach (var h in remoteResponse.Headers.AllKeys) {
  if (!(new string[] { "Content-Type", "Content-Length" }).Contains(h)) {
    response.AddHeader(h, response.Headers[h]);
  }
}
// Am I missing a Header here???
response.ContentType = remoteResponse.ContentType;

using (Stream input = remoteResponse.GetResponseStream()) {
  using (Stream output = response.OutputStream) {
    input.CopyTo(output);
  }
}

After watching the communication with a IIS-Website I recognized, that IIS respondes the normal request with an "WWW.Authenticate" Hea开发者_开发知识库der + Value. Where do I get this value? Thanks you for your help, or for any hint where to look for more information.