• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HTTP basic authentication in Web Applications

 
mini mehta
Ranch Hand
Posts: 120
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is the HTTP basic authentication in Web Applications? How does this works and how is it administered?
 
James Swan
Ranch Hand
Posts: 403
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Basic Authentication is a process where the HTTP response sent back to the http user agent contains the following info:
WWW-Authenticate BASIC realm="myRealm"
When the user agent (your browser) receives this it pops up a dialog box prompting for a username and password for "myRealm"
The user agent sends back the request with a header that looks like this:
Authorization BASIC Base64Encoded(username :password)
So long as the username and password is fine the user is allowed through to the protected resource.
How Basic Authentication is set up really depends on which HTTP server you are running.
Some HTTP servers have a file called .htaccess in the directory which you want to protect, containing the list of authorized users.
Basic Authentication is good in that it is relatively easy to setup, and you just let the browser and HTTP server handle the authentication, but a major problem is there is no "logout" functionality.
The only way to logout is for the user to close their browser.
Anyway, here is some code to simulate Basic Authentication, and will let you see what is going on, you can added code to print out the headers and see what is being sent back and forth between the client and server.

Also check out the manuals for your HTTP serverm I am sure they will have extensive detail on how to setup Basic Authentication.
James.

[This message has been edited by james swan (edited August 23, 2001).]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic