Domino supports three forms of authentication:
- Basic authentication (header-based)
- Session authentication (cookie-based)
- Certificate authentication (X.509-based)
You can distinguish them by attempting to open a protected database on the server in your browser. If you get a built-in dialog box from your browser asking for name and password, it's basic. If you get an actual web page in the browser asking for name and password, it's session. If you get challenged by a dialog asking for you to select a certificate from your browser's key store, it's certificate. (Of course, you can also fire up the Domino Administrator client and just look at the relevant configuration documents for the server to figure this out.)
For Basic authentication, every request you send must included a header as described here.
For session authentication, you will need to send a cookie. There are actually two different cookie formats, depending on whether the Domino server has been set up for single server or multi-server (SSO) session authentication. To get the value of the cookie, you will need to emulate an actual user login by POSTing a form containing the name and password, and reading the cookie value that is returned after your successful POST. (You can get the details of the form that you have to POST by studying the HTML that is returned to you in a browser when you attempt to log on manually.)
For certificate authentication, well... that's probably too complex a topic to address here.