Stack Overflow
Stack Overflow

Questions tagged [basic-authentication]

Basic authentication is a method for a web browser or other client program to provide a user name and password when making a request.

Basic authentication was introduced with RFC1945 (HTTP/1.0) and is historically the first mechanism for authenticating at the HTTP layer level. Relying on base64 encoding, it is considered from the beginning as weak and unsecure, but it has a legitimate use on trusted connections (either on encrypted tunnels such as SSL, or unencrypted on a closed network).

Mechanism description :

When challenged by an HTTP server sending a WWW-Authenticate header with a realm challenge, the HTTP client must send a new request including an Authorization header containing the user's credentials encoded in base64.

The user credentials can be stored on the HTTP server itself, or on a remote system such as LDAP.

3320 questions
476
votes
29 answers

How to clear basic authentication details in chrome

I'm working on a site that uses basic authentication. Using Chrome I've logged in using the basic auth. I now want to remove the basic authentication details from the browser and try a different login. How do you clear the current basic…
opsb
  • 29,325
  • 19
  • 89
  • 99
390
votes
3 answers

What is the "realm" in basic authentication

I'm setting up basic authentication on a php site and found this page on the php manual showing the set up. What does "realm" mean here in the header? header('WWW-Authenticate: Basic realm="My Realm"'); Is it the page page being requested?
RayLoveless
  • 19,880
  • 21
  • 76
  • 94
373
votes
3 answers

How to define the basic HTTP authentication using cURL correctly?

I'm learning Apigility (Apigility docu -> REST Service Tutorial) and trying to send a POST request with basic authentication via cURL: $ curl -X POST -i -H "Content-Type: application/hal+json" -H "Authorization: Basic YXBpdXNlcjphcGlwd2Q="…
automatix
  • 14,018
  • 26
  • 105
  • 230
346
votes
26 answers

How to log out user from web site using BASIC authentication?

Is it possible to log out user from a web site if he is using basic authentication? Killing session is not enough, since, once user is authenticated, each request contains login info, so user is automatically logged in next time he/she access the…
Marko
  • 30,263
  • 18
  • 74
  • 108
297
votes
11 answers

How do I make a request using HTTP basic authentication with PHP curl?

I'm building a REST web service client in PHP and at the moment I'm using curl to make requests to the service. How do I use curl to make authenticated (http basic) requests? Do I have to add the headers myself?
blank
  • 17,852
  • 20
  • 105
  • 159
264
votes
3 answers

HTTP Basic Authentication credentials passed in URL and encryption

I have a question about HTTPS and HTTP Authentication credentials. Suppose I secure a URL with HTTP Authentication: AuthType Basic AuthName "Restricted Area" AuthUserFile /var/www/passwd/passwords Require user…
rcourtna
  • 4,589
  • 5
  • 26
  • 27
262
votes
7 answers

HTTP Basic Authentication - what's the expected web browser experience?

When a server allows access via Basic HTTP Authentication, what is the experience expected to be in a web browser? Ignoring the web browser for a moment, here's how to create a Basic Auth request with curl: curl -u myusername:mypassword…
bpapa
  • 21,409
  • 25
  • 99
  • 147
255
votes
4 answers

What is the difference between Digest and Basic Authentication?

What is the difference between Digest and Basic Authentication ?
Dot Freelancer
  • 4,083
  • 3
  • 28
  • 50
188
votes
9 answers

Use Invoke-WebRequest with a username and password for basic authentication on the GitHub API

With cURL, we can pass a username with an HTTP web request as follows: $ curl -u https://api.github.com/user The -u flag accepts a username for authentication, and then cURL will request the password. The cURL example is for Basic…
Shaun Luttin
  • 133,272
  • 81
  • 405
  • 467
173
votes
8 answers

Basic HTTP and Bearer Token Authentication

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I'm still trying to figure out, how to send two authorization headers. I have tried this one: curl -i…
Azngeek
  • 2,183
  • 2
  • 16
  • 21
155
votes
2 answers

Web API Authentication Basic vs Bearer

I have created JWT based Authentication in my Web API application. I am not able to figure out the difference between Basic Token Bearer Token Can someone please help me?
SharmaPattar
  • 2,472
  • 3
  • 21
  • 23
124
votes
10 answers

How to use http.client in Node.js if there is basic authorization

As per title, how do I do that? Here is my code: var http = require('http'); // to access this url I need to put basic auth. var client = http.createClient(80, 'www.example.com'); var request = client.request('GET', '/', { 'host':…
de_3
  • 3,389
  • 5
  • 20
  • 14
123
votes
12 answers

How to prevent browser to invoke basic auth popup and handle 401 error using Jquery?

I need to send authorization request using basic auth. I have successfully implemented this using jquery. However when I get 401 error basic auth browser popup is opened and jquery ajax error callback is not called.
Alexey Zakharov
  • 24,694
  • 42
  • 126
  • 197
97
votes
2 answers

Basic HTTP Auth in Go

I'm trying to do basic HTTP auth with the code below, but it is throwing out the following error: 2013/05/21 10:22:58 Get mydomain.example: unsupported protocol scheme "" exit status 1 func basicAuth() string { var username string = "foo" …
leonsas
  • 4,718
  • 6
  • 43
  • 70
95
votes
9 answers

PowerShell's Invoke-RestMethod equivalent of curl -u (Basic Authentication)

What is the equivalent of curl -u username:password ... in PowerShell's Invoke-RestMethod? I tried this: $securePwd = ConvertTo-SecureString "password" -AsPlainText -Force $credential = New-Object System.Management.Automation.PSCredential…
Borek Bernard
  • 50,745
  • 59
  • 165
  • 240
1
2 3
99 100