Handle sites that do not use Token Authentication (ex: NTLM or Kerberos).

[pfoppe]

Should the token auth handler revert to Kerberos or NTLM if it is using web-tier security with windows authentication (MS Negotiate security provider)? Or... should that be rolled into a second auth handler called something like "ArcGISServerAuth" that could either inherit from AGSTokenAuthHandler AND NTLM AND Kerberos?

TBD