0 added
0 removed
Original
2026-01-01
Modified
2026-02-21
1
<p>HTTP has a feature called<strong>basic authentication</strong>. It works as follows.</p>
1
<p>HTTP has a feature called<strong>basic authentication</strong>. It works as follows.</p>
2
<p>Imagine you visit a specific page or site that requires authentication. You'll see an authorization window. The browser renders this window and requires you to enter a name and password.</p>
2
<p>Imagine you visit a specific page or site that requires authentication. You'll see an authorization window. The browser renders this window and requires you to enter a name and password.</p>
3
<p>Usually, if you enter incorrect data, the browser will request them again. And if you click Cancel, you'll get an error 401. Any attempt to access a page that requires basic authorization will get a 401 response. However, there's no difference between sending a form with incorrect data and clicking Cancel.</p>
3
<p>Usually, if you enter incorrect data, the browser will request them again. And if you click Cancel, you'll get an error 401. Any attempt to access a page that requires basic authorization will get a 401 response. However, there's no difference between sending a form with incorrect data and clicking Cancel.</p>
4
<p>As a result, the browser renders this form when it encounters a 401 error. It works simply: either you send the correct data or get a 401 error. No magic, no way to get around it.</p>
4
<p>As a result, the browser renders this form when it encounters a 401 error. It works simply: either you send the correct data or get a 401 error. No magic, no way to get around it.</p>
5
<p>Let's see what data is required for such an interaction:</p>
5
<p>Let's see what data is required for such an interaction:</p>
6
<p>You can't log in, and you'll see Access Denied with the following header from the WWW-Authenticate: Basic realm="My Server". There is a key in this header, which value is displayed in the dialog box. It isn't used anywhere else.</p>
6
<p>You can't log in, and you'll see Access Denied with the following header from the WWW-Authenticate: Basic realm="My Server". There is a key in this header, which value is displayed in the dialog box. It isn't used anywhere else.</p>
7
<p>After entering your username and password, the following headers will be sent:</p>
7
<p>After entering your username and password, the following headers will be sent:</p>
8
<p>Firstly, these are standard headers for HTTP 1.1. Secondly, there is the Authorization header, which has the mandatory word Basic and an encoded phrase after the space. This phrase consists of a username and password, encoded in<strong>base64</strong>:</p>
8
<p>Firstly, these are standard headers for HTTP 1.1. Secondly, there is the Authorization header, which has the mandatory word Basic and an encoded phrase after the space. This phrase consists of a username and password, encoded in<strong>base64</strong>:</p>
9
<p>That's all that's needed. After sending the correct data, authentication takes place, and you can enter the site or page you have accessed.</p>
9
<p>That's all that's needed. After sending the correct data, authentication takes place, and you can enter the site or page you have accessed.</p>