This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Authorization Header
Authorization Header

Version management

Difference between version and

At line 1 added 40 lines
!!! Overview
[{$pagename}] [HTTP Request Header] contains the [credentials] to [authenticate] a [user-agent] with a [server], usually after the [server] has responded with a [HTTP 401] [Unauthorized] and the [WWW-Authenticate] [HTTP Response Header].
In the context of an HTTP transaction, [HTTP Basic Authentication|Basic Authentication Scheme] is an [Authentication Method] for an [HTTP] [user-agent] to provide a user name and [password] when making a [HTTP Request].
[Basic Authentication Scheme] implementation is the simplest technique for enforcing [Access Controls] to [web] [resources] because it doesn't require [cookies], session identifier and login pages. Rather, [Basic Authentication Scheme] uses static, standard [HTTP Header Fields] which means that no handshakes have to be done in anticipation.
When the [user-agent] wants to send the server [authentication] [credentials] it may use the [{$pagename}] [1]
!! [Server-side]
When the server wants the [user-agent] to authenticate itself towards the server, it must respond appropriately to unauthenticated requests.
Unauthenticated requests should return a response whose header contains a [HTTP 401] Not Authorized status and a [WWW-Authenticate] field.
The [WWW-Authenticate] [HTTP Header Field] for basic authentication (used most often) is constructed as following:
%%prettify
{{{
WWW-Authenticate: Basic realm="nmrs_m7VKmomQ2YM3:"
}}} /%
!! [Client-side]
When the [user-agent] wants to send the server authentication credentials it may use the Authorization field. The Authorization field is constructed as follows:
[Username] and [password] are combined into a string "username:password". Note that username cannot contain the ":" character.
The resulting string is then encoded using the [RFC 2045]-[MIME] variant of [Base64], except not limited to 76 char/line.
The [authorization] method and a space i.e. "Basic " is then put before the encoded string.
For example, if the user agent uses 'Aladdin' as the username and 'open sesame' as the password then the field is formed as follows:
%%prettify
{{{
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
}}} /%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Basic Access Authentication|Wikipedia:Basic_access_authentication|target='_blank'] - based on data observed:2015-05-18
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop