• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • Al Hobbs
  • salvin francis

HTTP basic authentication in Web Applications

Ranch Hand
Posts: 120
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is the HTTP basic authentication in Web Applications? How does this works and how is it administered?
Ranch Hand
Posts: 403
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Basic Authentication is a process where the HTTP response sent back to the http user agent contains the following info:
WWW-Authenticate BASIC realm="myRealm"
When the user agent (your browser) receives this it pops up a dialog box prompting for a username and password for "myRealm"
The user agent sends back the request with a header that looks like this:
Authorization BASIC Base64Encoded(username :password)
So long as the username and password is fine the user is allowed through to the protected resource.
How Basic Authentication is set up really depends on which HTTP server you are running.
Some HTTP servers have a file called .htaccess in the directory which you want to protect, containing the list of authorized users.
Basic Authentication is good in that it is relatively easy to setup, and you just let the browser and HTTP server handle the authentication, but a major problem is there is no "logout" functionality.
The only way to logout is for the user to close their browser.
Anyway, here is some code to simulate Basic Authentication, and will let you see what is going on, you can added code to print out the headers and see what is being sent back and forth between the client and server.

Also check out the manuals for your HTTP serverm I am sure they will have extensive detail on how to setup Basic Authentication.

[This message has been edited by james swan (edited August 23, 2001).]
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
    Bookmark Topic Watch Topic
  • New Topic