• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

HTTP basic authentication in Web Applications

Ranch Hand
Posts: 120
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is the HTTP basic authentication in Web Applications? How does this works and how is it administered?
Ranch Hand
Posts: 403
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Basic Authentication is a process where the HTTP response sent back to the http user agent contains the following info:
WWW-Authenticate BASIC realm="myRealm"
When the user agent (your browser) receives this it pops up a dialog box prompting for a username and password for "myRealm"
The user agent sends back the request with a header that looks like this:
Authorization BASIC Base64Encoded(username :password)
So long as the username and password is fine the user is allowed through to the protected resource.
How Basic Authentication is set up really depends on which HTTP server you are running.
Some HTTP servers have a file called .htaccess in the directory which you want to protect, containing the list of authorized users.
Basic Authentication is good in that it is relatively easy to setup, and you just let the browser and HTTP server handle the authentication, but a major problem is there is no "logout" functionality.
The only way to logout is for the user to close their browser.
Anyway, here is some code to simulate Basic Authentication, and will let you see what is going on, you can added code to print out the headers and see what is being sent back and forth between the client and server.

Also check out the manuals for your HTTP serverm I am sure they will have extensive detail on how to setup Basic Authentication.

[This message has been edited by james swan (edited August 23, 2001).]
Straws are for suckers. Now suck on this tiny ad!
Thread Boost feature
    Bookmark Topic Watch Topic
  • New Topic