This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Basic Authentication Scheme
Basic Authentication Scheme

Version management

Difference between version and

At line 1 added 25 lines
!!! Overview
[{$pagename}] is defined in [RFC 2617] and updated by [RFC 7235] for the [HTTP Authentication Framework] which can be used by a [HTTP] [server] to challenge a [client] request and by a client to provide [authentication] information.
The [challenge-response] flow works like this:
* The server responds to a client with a [HTTP 401] ([Unauthorized]) [HTTP Response Header] status and provides information on how to [authorize|Authorization] with a [WWW-Authenticate] [HTTP Response] [HTTP Header Field] containing at least one challenge.
* A client that wants to [authenticate] itself with a server can then do so by including an [Authorization Header] [HTTP Request Header] [HTTP Header Field] with the [credentials].
Usually a client will present a [password] prompt to the [End-User] and will then issue the request including the correct Authorization header.
The [realm] value should be considered an opaque [string] which can only be compared for equality with other [realms] on that [server]. The [server] will service the request only if it can validate the [userId] and [password] for the protection space of the Request-[URI].
There are no optional [authentication] parameters.
For Basic, the framework above is utilized as follows:
%%prettify
{{{
challenge = "Basic" realm
credentials = "Basic" basic-credentials
}}} /%
!! [Proxy-Authenticate] [Proxy Authorization|Proxy-Authorization]
The same [{$pagename}] mechanism can be used for [proxy] [authentication]. In this case, it is an intermediate proxy that requires [authentication]. As both [resource] [authentication] and [proxy] [authentication] can coexist, a different set of [HTTP Header Fields] and [HTTP Status Codes] are needed. In the case of proxies, the challenging status code is [HTTP 407] (Proxy Authentication Required), the [Proxy-Authenticate] response header contains at least one challenge applicable to the [proxy], and the [Proxy-Authorization] [HTTP Request] is used for providing the [credentials] to the [Proxy Server].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop