Authentication - Basic Authentication (HTTP)
About
Basic Access Authentication is an authentication mechanism defined by the HTTP authentication framework.
Basic access authentication uses the easily reversible Base64 encoding, which makes it insecure unless it is used in conjunction with TLS.
The basic mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically used in conjunction with Basic Authentication.
Header
The credentials are provided in the Authorization header:
Authorization: Basic dXNlcjpwYXNzd29yZA==
where dXNlcjpwYXNzd29yZA== is an example of the Base64 output of username:password, where:
- username is the username of the user
- password can be:
- or any token (for an API, because a token can be revoked)
OAuth encodes them both using the application/x-www-form-urlencoded encoding algorithm per Appendix B.
Basic authentication dialogue - 401 - WWW-Authenticate : Popup
The browser can take care of the user/password dialog prompt when the server returns a 401 response with a WWW-Authenticate header.
The browser will then pop up a Basic authentication dialogue (for user and password).
in Soap UI
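The server side of the exchange described above, as an added example that is not part of the original page: it decodes the Authorization header, handles malformed input and passwords containing a colon, and answers with the 401 challenge otherwise. The expected credentials and the realm name are constructed values.

```python
import base64
import binascii
import hmac

# Constructed sample credentials and realm for this example (assumptions).
EXPECTED_USER = "user"
EXPECTED_PASSWORD = "password"
REALM = "example"


def parse_basic_header(value):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:  # scheme name is case-insensitive
        return None
    try:
        # Base64 is an encoding, not encryption: anyone who sees the header
        # recovers the credentials with this one call.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may contain colons,
    # the username may not.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def authenticate(headers):
    """Return (status, response_headers) for a dict of request headers."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge
    # Constant-time comparisons; evaluate both before combining the results.
    user_ok = hmac.compare_digest(creds[0].encode(), EXPECTED_USER.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), EXPECTED_PASSWORD.encode())
    if user_ok and pass_ok:
        return 200, {}
    return 401, challenge


if __name__ == "__main__":
    print(parse_basic_header("Basic dXNlcjpwYXNzd29yZA=="))
    print(authenticate({}))
```

A real service would compare against a stored password hash or a revocable token rather than a plaintext constant.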
Documentation / Reference
- 2015: RFC 7617 (obsoletes RFC 2617).