
HTTP Basic Authentication

 
Kamal Tripathi
Ranch Hand
Posts: 86
Source: Javaranch Mock Exam

Which of the following statements are true about HTTP Basic Authentication?
a. The server asks the client for a username/password when the client requests a protected resource.
b. The browser, by identifying the response body, can determine whether a request is protected or not.
c. The HTTP Basic Authentication mechanism is very simple, as the username/password information is encrypted before it is sent.


Answer: A.

I am in agreement. But for option B, I wanted to know how the browser identifies whether a request is protected or not (since, after all, the browser log-in screen is used in this case)?
 
Hong Anderson
Ranch Hand
Posts: 1936
By using a header. Take a look at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html - 401 Unauthorized.
 
Abdul Rahman
Ranch Hand
Posts: 63
A browser sends a request for a protected resource. At this time the browser does not know that the resource is protected, so it sends a normal HTTP request. For example:

GET /photos/samplePhoto.jpg HTTP/1.1

The server observes that the resource is protected, and so instead of sending the resource, it sends a 401 Unauthorized message back to the client. In the message, it also includes a header that tells the browser that Basic authentication is needed to access the resource. The header also specifies the context in which the authentication would be valid.

Like:
HTTP/1.1 401 Unauthorized
Server: Tomcat 5.0.25
WWW-Authenticate: Basic realm="privelegeUser"
Content-Length: 1000
Content-Type: image/jpeg
....
.....
Upon receiving the above response, the browser opens a dialog box prompting for a username and password.
Once the user enters the username and password, the browser resends the request and passes the values in a header named Authorization:

GET /photos/samplePhoto.jpg HTTP/1.1
Authorization: Basic am9objpqamo= (this is the Base64-encoded value of the username:password string)

Hope that clarifies. For more information, please refer to a book.
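
The challenge/response exchange described in the post above, as an added example that is not part of the original thread. It shows both sides and that the Authorization value is only Base64-encoded, so anyone who sees the header can recover the password. The function names and the in-memory `users` table are hypothetical; the header values are the ones quoted in the post.

```python
import base64
import hmac

def parse_challenge(header_value):
    """Browser side: split a WWW-Authenticate value into (scheme, realm)."""
    scheme, _, params = header_value.strip().partition(" ")
    realm = None
    for part in params.split(","):
        key, _, value = part.strip().partition("=")
        if key.lower() == "realm":
            realm = value.strip('"')
    return scheme, realm

def build_authorization(username, password):
    """Browser side: Base64-encode "username:password" (encoding, not encryption)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_authorization(header_value):
    """Server side (or anyone on the wire): recover (username, password), or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def respond(request_headers, realm, users):
    """Server side: 200 for valid credentials, otherwise 401 plus the challenge."""
    creds = decode_authorization(request_headers.get("Authorization", ""))
    if creds is not None:
        expected = users.get(creds[0])
        # Constant-time comparison avoids leaking how many characters matched.
        if expected is not None and hmac.compare_digest(
                creds[1].encode("utf-8"), expected.encode("utf-8")):
            return 200, {}
    return 401, {"WWW-Authenticate": f'Basic realm="{realm}"'}

if __name__ == "__main__":
    users = {"john": "jjj"}  # constructed demo table; real servers store password hashes
    status, headers = respond({}, "privelegeUser", users)
    print(status, parse_challenge(headers["WWW-Authenticate"]))
    retry = {"Authorization": build_authorization("john", "jjj")}
    print(retry, respond(retry, "privelegeUser", users)[0])
```

Because the credentials are recoverable from the header, Basic authentication is normally deployed only over HTTPS.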
 
Kamal Tripathi
Ranch Hand
Posts: 86
Thanks a lot, guys. I think it's a lot clearer now.
 