Wednesday 13 January 2016

What is Basic Authentication

Sometimes called Basic Auth or Basic Authorization.  

In the context of a transaction over HTTP, basic authentication is a method for an HTTP user agent to provide a user name and password when making a request.  

This method of authentication is often used in B2B transactions to provide an extra layer of security.

Basic Auth provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically preferred over or used in conjunction with Basic Authentication.
When the user agent wants to send the server authentication credentials it can use the Authorization field.
The Authorization field is constructed as follows
1.   Username and password are combined into a string "username:password".
2.     The resulting string is then encoded using Base64.  Taking the above literally, the Base64 interpretation of username:password is ……….. dXNlcm5hbWU6cGFzc3dvcmQ=
3.     The authorization method in this case "Authorization: Basic " is then put before the encoded string.

So the actual basic authentication header to be applied to the HTTP header in this example would be  ………..   
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

No comments:

Post a Comment