Basic Authentication Scheme


Basic Authentication Scheme is defined in RFC 2617 and updated by RFC 7235 for the HTTP Authentication Framework, which can be used by an HTTP server to challenge a client request and by a client to provide authentication information.

The challenge-response flow works like this:

Usually a client will present a password prompt to the End-User and will then issue the request including the correct Authorization header.

The realm value should be considered an opaque string which can only be compared for equality with other realms on that server. The server will service the request only if it can validate the userId and password for the protection space of the Request-URI.

There are no optional authentication parameters.

For Basic, the framework above is utilized as follows:

challenge   = "Basic" realm
credentials = "Basic" basic-credentials

Proxy-Authenticate and Proxy-Authorization

The same Basic Authentication Scheme mechanism can be used for proxy authentication. In this case, it is an intermediate proxy that requires authentication. As both resource authentication and proxy authentication can coexist, a different set of HTTP Header Fields and HTTP Status Codes is needed. In the case of proxies, the challenging status code is HTTP 407 (Proxy Authentication Required), the Proxy-Authenticate response header contains at least one challenge applicable to the proxy, and the Proxy-Authorization request header is used for providing the credentials to the Proxy Server.
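
The challenge and credentials forms above, for both the origin-server and the proxy case, can be exercised with the following server-side sketch. It is an added example, not code from the original page or from either RFC. The `USERS` store, the realm name and the function names are assumptions, and the base64 `userid:password` encoding comes from RFC 2617 rather than from this page.

```python
import base64
import hmac

# Constructed sample store (assumption): realm -> userid -> password.
# A real deployment would hold salted password hashes, not plaintext.
USERS = {"staging": {"alice": "s3cret:with:colons"}}


def challenge(realm, proxy=False):
    """Return (status, header name, header value) for a Basic challenge."""
    quoted = realm.replace("\\", "\\\\").replace('"', '\\"')
    value = f'Basic realm="{quoted}"'
    if proxy:
        return 407, "Proxy-Authenticate", value
    return 401, "WWW-Authenticate", value


def parse_basic(header_value):
    """Parse 'Basic <base64(userid:password)>' into (userid, password), else None."""
    scheme, _, token = (header_value or "").strip().partition(" ")
    if scheme.lower() != "basic" or not token:  # scheme names are case-insensitive
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad alphabet, bad padding, or not valid UTF-8
        return None
    # The userid cannot contain ':', so split on the first colon only;
    # the password keeps any further colons.
    userid, sep, password = decoded.partition(":")
    return (userid, password) if sep else None


def check(header_value, realm):
    """True only if the credentials are valid for this exact realm string."""
    parsed = parse_basic(header_value)
    if parsed is None:
        return False
    userid, password = parsed
    # The realm is opaque: look it up by equality, never by prefix or pattern.
    expected = USERS.get(realm, {}).get(userid)
    # Always run the comparison, in constant time, even for unknown users.
    same = hmac.compare_digest(password.encode(), (expected or "").encode())
    return same and expected is not None
```

Pass the value of `Authorization` (or `Proxy-Authorization` at a proxy) to `check()`, and answer with `challenge()` when it returns `False`. Base64 is an encoding, not encryption, so these headers are only as confidential as the transport carrying them, which in practice means TLS.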
