HTTP - Basic Authentication

• A method to require a HTTP user agent to privide a valid user name and password in order to access a resource.

How it Works

• Client issues request

  GET / HTTP/1.1
  

• Server responds with status code 401 (Unauthorized)

  HTTP/1.1 401 Unauthorized
  WWW-Authenticate: Basic realm="Private Area"
  

• Client issues request containing Authorization header

  GET / HTTP/1.1
  Authorization: Basic [username:password encoded in Base64]
  

• Server responds with either 200 (OK) or 403 (Forbidden)

  HTTP/1.1 200 OK
  

  or

  HTTP/1.1 403 Forbidden
  

Acknowledgements

• https://developer.mozilla.org