Questions tagged [basic-authentication]

Basic authentication is a method for a web browser or other client program to provide a user name and password when making a request.

Basic authentication was introduced with RFC 1945 (HTTP/1.0) and is historically the first mechanism for authenticating at the HTTP layer. Because it relies on base64 encoding, it has been considered weak and insecure from the beginning, but it has a legitimate use on trusted connections (either over encrypted tunnels such as SSL, or unencrypted on a closed network).

Mechanism description:

When challenged by an HTTP server sending a WWW-Authenticate header with a realm challenge, the HTTP client must send a new request including an Authorization header containing the user's credentials encoded in base64.

The user credentials can be stored on the HTTP server itself, or on a remote system such as LDAP.

3320 questions
94 votes, 4 answers

What encoding should I use for HTTP Basic Authentication?

The RFC2617 says to encode the username and password to base64 but doesn't say what character encoding to use when creating the octets for input into the base64 algorithm. Should I assume US-ASCII or UTF8? Or has someone settled this question…
Dobes Vandermeer
92 votes, 10 answers

How do I create a user account for basic authentication?

I'd like to add basic authentication to my website. I followed the instructions in the MSDN article on Configure Basic Authentication (IIS 7) To use the UI Open IIS Manager and navigate to the level you want to manage. For information about…
Joseph Bi
85 votes, 4 answers

How can I retrieve Basic Authentication credentials from the header?

I am trying to write some simple tests for a User Authentication mechanism which uses Basic Authentication. How can I retrieve the credentials from the header? string authorizationHeader = this.HttpContext.Request.Headers["Authorization"]; Where do I go…
user4041873
82 votes, 8 answers

How do I do HTTP basic authentication using Guzzle?

I want to do basic access authentication using Guzzle and I am very new to programming. I have no clue what to do. I tried to do this using curl but my environment requires using guzzle.
Gopi K Mishra
81 votes, 6 answers

Basic authorization command for curl

How do I set up the Basic authorization using Base64 encoded credentials? I tried the below two commands, but of no use. Please suggest me the correct variant. curl -i -H 'Accept:application/json' Authorization:Basic
Amit Sharad
72 votes, 7 answers

How do you use Basic Authentication with System.Net.Http.HttpClient?

I'm trying to implement a rest client in c# .net core that needs to first do Basic Authentication, then leverage a Bearer token in subsequent requests. When I try to do Basic Authentication in combination with client.PostAsync with a…
ScArcher2
67 votes, 1 answer

Escaping username characters in basic auth URLs

When using http basic authentication, the username can be passed in the URL, e.g. http://david@foo.com/path/ But now suppose the username is an email address, e.g. david@company.com. Doing this is clearly…
David Ebbo
65 votes, 9 answers

http basic authentication "log out"

HTTP basic authentication credentials are stored until the browser is closed, but is there a way to remove the credentials before the browser is closed? I read about a trick with HTTP 401 status code, but it seems not to work properly (see comment…
deamon
65 votes, 6 answers

Is basic access authentication secure?

Using Apache, it is quite simple to set up a page that uses basic access authentication to prompt a user for a name/password and use those credentials in some way to grant access to that user. Is this secure, assuming the connection between the…
Nathan Osman
63 votes, 3 answers

No Basic Authentication choice available in IIS7

I do not have the option for Basic Authentication in IIS Manager under IIS=>Authentication. I do have the following options: Anonymous Authentication ASP.NET Impersonation Forms Authentication I am using Windows 7 professional N, and according to…
bnieland
63 votes, 7 answers

Spring Security exclude url patterns in security annotation configuration

I have spring web application with Spring security configured using java config approach. I want to exclude some URL patterns from authentication(eg: static resources etc..). I have done this earlier with spring security xml config but couldn't…
Rajkumar Palani
62 votes, 4 answers

API Design: HTTP Basic Authentication vs API Token

I'm currently creating an authentication system in front of a public web API for a web application. Given that each user account has an API key and each request must be authenticated, I have two alternatives: Using an HTTP Basic Authentication,…
Simone Carletti
60 votes, 2 answers

Pure JavaScript code for HTTP Basic Authentication?

Where can I find reference code that implements a HTTP Basic Authentication client in pure JavaScript, suitable for AJAX? Extra points for code, or pointers to code, that can be used independent of JS toolkits like YUI. No points for Java,…
system PAUSE
60 votes, 5 answers

Basic Authentication in ASP.NET Core

Question How can I implement Basic Authentication with Custom Membership in an ASP.NET Core web application? Notes In MVC 5 I was using the instructions in this article which requires adding a module in the WebConfig. I am still deploying my new…
57 votes, 6 answers

.htaccess / .htpasswd bypass if at a certain IP address

Is it possible to have an .htaccess/.htpasswd access control setup for a given directory, but if they are from a specific IP address, bypass the login/password authentication? I know you can do something like this in the .htaccess file: order…
Keefer