Authentication - Basic Authentication (HTTP)


Basic access authentication is one of the authentication mechanisms of HTTP authentication.

Basic access authentication uses the easily reversible Base64 encoding, which makes it insecure unless it is used in conjunction with TLS.

The basic mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically used in conjunction with Basic Authentication.

Because the browser sends the credentials (generally username and password) with every request, be sure to serve only over HTTPS.

The information is provided in the Authorization header:

Authorization: Basic dXNlcjpwYXNzd29yZA==

where dXNlcjpwYXNzd29yZA== is an example of Base64 output of username:password where:

  • username is the username of the user
  • password can be:

OAuth encodes them both using the application/x-www-form-urlencoded encoding algorithm per Appendix B.

Basic authentication dialogue - 401 - WWW-Authenticate : Popup

The browser can take care of the user/password dialog prompt when the server returns a 401 response with a WWW-Authenticate header.

The browser will then pop up a Basic authentication dialogue (for user and password).

in Soap UI
