Authentication - Basic Authentication (HTTP)

Authentication - Basic Authentication (HTTP)

About

Basic Access Authentication is an Authentication mechanism from HTTP auth.

Basic access authentication uses the easily reversible Base64 encoding making it non-secure unless used in conjunction with TLS.

The basic mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically used in conjunction with Basic Authentication.

The browser is sending the credential (generally username and password) with every request then be sure to serve only on https.

Articles Related

The information is provided in the authorization header

Authorization: Basic dXNlcjpwYXNzd29yZA==

where dXNlcjpwYXNzd29yZA== is an example of Base64 output of username:password where:

username is the username of the user
password can be:
- password
- or any token (for api, because token can be revoked)

Oauth encode them both using the application/x-www-form-urlencoded encoding algorithm per Appendix B

Basic authentication dialogue - 401 - WWW-Authenticate : Popup

The browser can take care of the user/password dialog prompt when when the server returns a 401 response with a WWW-Authenticate as header.

The browser will then pops up a Basic authentication dialogue (for user and password)

in Soap UI

Documentation / Reference

Basic_access_authentication
2015: RFC 7617 (obsoletes RFC 2617).
1999: RFC2617 - HTTP Authentication: Basic and Digest Access Authentication

Recommended Pages

Authentication - Method / Protocol / Scheme

The authentication methods / construct / protocol validates the identity of a user (ie validates who you are). The method is implemented by a (identify|authentication) provider. Articles Related Metho "...

Web Service - Representational State Transfer (REST|RESTful) Web services

Web Service - Representational State Transfer (REST|RESTful) Web services About Representational State Transfer (REST) Web services, or “RESTful” Web services describes any simple interface that "...

Oauth - Client Authentication

Oauth - Client Authentication About authentication method for a client in Oauth. The client MUST NOT use more than one authentication method in each request. Articles Related Usage Client authen "...

Authentication - HTTP Digest Access Authentication

Digest access authentication is an http authentication method based on authorization entry. It is intended (as a security trade-off) to replace unencrypted HTTP basic access authentication. It is not, "...

File Transfer - Wget

wget is a headless browser command line. It's most used to download files from the Web but you can also download/mirror a whole website. It supports the HTTP, HTTPS, and FTP protocols Articles Related "...

Http - Authorization Header (authentication entries)

authorization is a header that contains credentials to authenticate a user known also as Authentication entry. Articles Related Syntax Type and Authentication entry An authentication entry and a proxy "...

Share this page:

Authentication - Basic Authentication (HTTP)

Table of Contents

About

Articles Related

Header

Basic authentication dialogue - 401 - WWW-Authenticate : Popup

in Soap UI

Documentation / Reference

Recommended Pages

Authentication - Method / Protocol / Scheme

Web Service - Representational State Transfer (REST|RESTful) Web services

Oauth - Client Authentication

Authentication - HTTP Digest Access Authentication

File Transfer - Wget

Http - Authorization Header (authentication entries)