Sometimes called Basic Auth or Basic Authorization.
In the context of a transaction over HTTP, basic authentication is a method for an HTTP user agent to provide a user name and password when making a
request.
This method of authentication is often used in B2B transactions to
provide an extra layer of security.
Basic Auth provides no confidentiality protection for the transmitted
credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically preferred
over or used in conjunction with Basic Authentication.
When the user agent wants to send the
server authentication credentials it can use the Authorization field.
The Authorization field is
constructed as follows
1. Username and
password are combined into a string "username:password".
2.
The resulting string is then encoded using Base64. Taking the above literally,
the Base64 interpretation of username:password is ………..
dXNlcm5hbWU6cGFzc3dvcmQ=
3.
The authorization method in this case "Authorization: Basic "
is then put before the encoded string.
So the actual basic authentication header to be applied to the HTTP
header in this example would be ………..
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
No comments:
Post a Comment