Authentication - Basic Authentication (HTTP)

Authentication - Basic Authentication (HTTP)

About

Basic Access Authentication is an Authentication mechanism from HTTP auth.

Basic access authentication uses the easily reversible Base64 encoding making it non-secure unless used in conjunction with TLS.

The basic mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically used in conjunction with Basic Authentication.

The browser is sending the credential (generally username and password) with every request then be sure to serve only on https.

Articles Related

The information is provided in the authorization header

Authorization: Basic dXNlcjpwYXNzd29yZA==

where dXNlcjpwYXNzd29yZA== is an example of Base64 output of username:password where:

username is the username of the user
password can be:
- password
- or any token (for api, because token can be revoked)

Oauth encode them both using the application/x-www-form-urlencoded encoding algorithm per Appendix B

Basic authentication dialogue - 401 - WWW-Authenticate : Popup

The browser can take care of the user/password dialog prompt when when the server returns a 401 response with a WWW-Authenticate as header.

The browser will then pops up a Basic authentication dialogue (for user and password)

in Soap UI

Documentation / Reference

Basic_access_authentication
2015: RFC 7617 (obsoletes RFC 2617).
1999: RFC2617 - HTTP Authentication: Basic and Digest Access Authentication

Authentication - Basic Authentication (HTTP)

Table of Contents

About

Articles Related

Header

Basic authentication dialogue - 401 - WWW-Authenticate : Popup

in Soap UI

Documentation / Reference