HTTP Basic Authentication

By | December 11, 2012


We can discover the authentication mechanism used by a web application. Unless a more sophisticated authentication mechanism has been chosen, the two most common web authentication methods are

HTTP Authentication, and
Form-based authentication

HTTP Authentication can be either Basic Access Authentication or Digest Access Authentication.

Let us look at Basic Access Authentication.

Suppose there is a resource linux.pdf located at http://linuxmantra.com/res/linux.pdf

The client sends a standard HTTP request for the resource.

GET http://linuxmantra.com/res/linux.pdf

If res/linux.pdf is a protected resource, the response from the server could look like this:

HTTP/1.1 401 Authorization Required
Date: ————–
WWW-Authenticate: Basic realm="linuxmantrasafe"
Content-Length: xxx
Keep-Alive: timeout=25, max=75
Connection: Keep-Alive

In the Basic Authentication mechanism, the client uses a login name and password to access a protected resource. When the client tries to access a protected resource, the server responds with status 401 and a WWW-Authenticate header. The WWW-Authenticate header contains the value Basic and the name of the protected realm.
Upon receiving the 401 response from the server, the browser prompts for a login name and password. The client then responds with an Authorization header. The value of the Authorization header is "Basic" followed by the Base64-encoded concatenation of the login name and password.

GET http://linuxmantra.com/res/linux.pdf
Authorization: Basic c7dhc3A6cGFbf3dvcmQ=

In the above example, c7dhc3A6cGFbf3dvcmQ= is the Base64-encoded value of loginname+password.
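
The exchange above, as an added Python example that is not part of the original post: it builds the Authorization value, decodes it again on the server side without any key (Base64 is an encoding, not encryption, so Basic authentication needs TLS underneath), and answers with the 401 challenge when the credentials are missing or wrong. The function names and the sample account are assumptions; the login name and password are joined with a colon, as RFC 7617 specifies.

```python
import base64
import hmac

def build_basic_header(login, password):
    """Client side: value of the Authorization header for Basic auth."""
    if ":" in login:
        raise ValueError("login name must not contain ':'")
    token = base64.b64encode(f"{login}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(value):
    """Server side: return (login, password), or None if the header is malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad Base64 (binascii.Error) and bad UTF-8
        return None
    login, sep, password = decoded.partition(":")  # split on the FIRST colon only
    if not sep:
        return None
    return login, password

def check_request(headers, realm, users):
    """Return (status, response_headers) for a request to a protected resource."""
    challenge = {"WWW-Authenticate": f'Basic realm="{realm}"'}
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge
    login, password = creds
    expected = users.get(login, "")
    # compare_digest avoids leaking how many leading bytes matched
    same = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    return (200, {}) if (same and login in users) else (401, challenge)

# Constructed sample account (not from the article); a real server would
# store password hashes rather than plaintext passwords.
USERS = {"alice": "s3cret:with:colons"}
HEADER = build_basic_header("alice", "s3cret:with:colons")

if __name__ == "__main__":
    print(HEADER)
    print(parse_basic_header(HEADER))  # password recovered without any key
    print(check_request({}, "linuxmantrasafe", USERS))
    print(check_request({"Authorization": HEADER}, "linuxmantrasafe", USERS))
```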
