Authentication - Basic Authentication (HTTP)

Authentication - Basic Authentication (HTTP)

About

Basic Access Authentication is an Authentication mechanism from HTTP auth.

Basic access authentication uses the easily reversible Base64 encoding making it non-secure unless used in conjunction with TLS.

The basic mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically used in conjunction with Basic Authentication.

The browser is sending the credential (generally username and password) with every request then be sure to serve only on https.

The information is provided in the authorization header

Authorization: Basic dXNlcjpwYXNzd29yZA==

where dXNlcjpwYXNzd29yZA== is an example of Base64 output of username:password where:

username is the username of the user
password can be:
- password
- or any token (for api, because token can be revoked)

Oauth encode them both using the application/x-www-form-urlencoded encoding algorithm per Appendix B

Basic authentication dialogue - 401 - WWW-Authenticate : Popup

The browser can take care of the user/password dialog prompt when when the server returns a 401 response with a WWW-Authenticate as header.

The browser will then pops up a Basic authentication dialogue (for user and password)

in Soap UI

Documentation / Reference

Basic_access_authentication
2015: RFC 7617 (obsoletes RFC 2617).
1999: RFC2617 - HTTP Authentication: Basic and Digest Access Authentication

Recommended Pages

Authentication - Method / Protocol / Scheme

Authentication - Method / Protocol / Scheme About The authentication methods / construct / protocol validates the identity of a user (ie validates who you are). The method is implemented by a (iden "...

Authentication - HTTP Authentication

In an HTTP authentication scheme, the following may play a role: HTTP cookies (to saved a session token for instance) TLS client certificates for digital signature authentication, and authenticatio "...

Authentication - HTTP Digest Access Authentication

Digest access authentication is an http authentication method based on authorization entry. It is intended (as a security trade-off) to replace unencrypted HTTP basic access authentication. It is not, "...

File Transfer - Wget

wget is a headless browser command line. It's most used to download files from the Web but you can also download/mirror a whole website. It supports the HTTP, HTTPS, and FTP protocols Articles Related "...

Http - Authorization Header (authentication entries)

authorization is a header that contains credentials to authenticate a user known also as Authentication entry. Articles Related Syntax Type and Authentication entry An authentication entry and a proxy "...

Oauth - Client Authentication

authentication method for a client in Oauth. The client MUST NOT use more than one authentication method in each request. Usage Client authentication is used for: Enforcing the binding of refresh tok "...

Web Service - Representational State Transfer (REST|RESTful) Web services

Representational State Transfer (REST) Web services, or “RESTful” Web services describes any simple interface that transmits data over a standardized interface (such as HTTP) without an additional "...

Share this page:

Authentication - Basic Authentication (HTTP)

Table of Contents

About

Header

Basic authentication dialogue - 401 - WWW-Authenticate : Popup

in Soap UI

Documentation / Reference

Recommended Pages

Authentication - Method / Protocol / Scheme

Authentication - HTTP Authentication

Authentication - HTTP Digest Access Authentication

File Transfer - Wget

Http - Authorization Header (authentication entries)

Oauth - Client Authentication

Web Service - Representational State Transfer (REST|RESTful) Web services