Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
  • Piet Souris
  • Frits Walraven
  • Carey Brown

HTTP basic authentication in Web Applications

Ranch Hand
Posts: 120
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is the HTTP basic authentication in Web Applications? How does this works and how is it administered?
Ranch Hand
Posts: 403
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Basic Authentication is a process where the HTTP response sent back to the http user agent contains the following info:
WWW-Authenticate BASIC realm="myRealm"
When the user agent (your browser) receives this it pops up a dialog box prompting for a username and password for "myRealm"
The user agent sends back the request with a header that looks like this:
Authorization BASIC Base64Encoded(username :password)
So long as the username and password is fine the user is allowed through to the protected resource.
How Basic Authentication is set up really depends on which HTTP server you are running.
Some HTTP servers have a file called .htaccess in the directory which you want to protect, containing the list of authorized users.
Basic Authentication is good in that it is relatively easy to setup, and you just let the browser and HTTP server handle the authentication, but a major problem is there is no "logout" functionality.
The only way to logout is for the user to close their browser.
Anyway, here is some code to simulate Basic Authentication, and will let you see what is going on, you can added code to print out the headers and see what is being sent back and forth between the client and server.

Also check out the manuals for your HTTP serverm I am sure they will have extensive detail on how to setup Basic Authentication.

[This message has been edited by james swan (edited August 23, 2001).]
I miss the old days when I would think up a sinister scheme for world domination and you would show a little emotional support. So just look at this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
    Bookmark Topic Watch Topic
  • New Topic