• Login/Register
  • Section: Internet /Monday 13th October 2014

    Alphabetic Index : A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    Search β):

    * Basic access authentication *

    اصالت‌سنجی برای دسترسی‌های اولیه

    (Wikipedia) - Basic access authentication HTTP Request methods Header fields Status codes
    • Persistence
    • Compression
    • HTTPS
    • GET
    • HEAD
    • POST
    • PUT
    • DELETE
    • TRACE
    • PATCH
    • Cookie
    • ETag
    • Location
    • HTTP referer
    • DNT
    • X-Forwarded-For
    • 301 Moved Permanently
    • 302 Found
    • 303 See Other
    • 403 Forbidden
    • 404 Not Found
    • v
    • t
    • e

    In the context of a HTTP transaction, basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request.



    HTTP Basic authentication (BA) implementation is the simplest technique for enforcing access controls to web resources because it doesn''t require cookies, session identifier and login pages. Rather, HTTP Basic authentication uses static, standard HTTP headers which means that no handshakes have to be done in anticipation.


    The BA mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. Basic Authentication is, therefore, typically used over HTTPS.

    Because the BA header has to be sent with each HTTP request, the web browser needs to cache credentials for a reasonable period of time to avoid constantly prompting the user for their username and password. Caching policy differs between browsers. Microsoft Internet Explorer by default caches them for 15 minutes.

    HTTP does not provide a method for a web server to instruct the client to "log out" the user. However, there are a number of methods to clear cached credentials in certain web browsers. One of them is redirecting the user to a URL on the same domain containing credentials that are intentionally incorrect:

    Unfortunately, this behavior is inconsistent between various browsers and browser versions. Microsoft Internet Explorer offers a dedicated JavaScript method to clear cached credentials:

    <script>document.execCommand(''ClearAuthenticationCache'', ''false'');</script>Protocol Server side

    When the server wants the user agent to authenticate itself towards the server, it can send a request for authentication.

    This request should be sent using the HTTP 401 Not Authorized response code containing a WWW-Authenticate HTTP header.

    The WWW-Authenticate header for basic authentication (used most often) is constructed as following:

    WWW-Authenticate: Basic realm="nmrs_m7VKmomQ2YM3:"Client side

    When the user agent wants to send the server authentication credentials it may use the Authorization header.

    The Authorization header is constructed as follows:

  • Username and password are combined into a string "username:password"
  • The resulting string is then encoded using the RFC2045-MIME variant of Base64, except not limited to 76 char/line
  • The authorization method and a space i.e. "Basic " is then put before the encoded string.
  • For example, if the user agent uses ''Aladdin'' as the username and ''open sesame'' as the password then the header is formed as follows:

    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

    Tags:Basic, Basic access authentication, HTTP, Internet, Internet Explorer, Microsoft, Wikipedia

    Add definition or comments on Basic access authentication

    Your Name / Alias:
    Definition / Comments
    neutral points of view
    Source / SEO Backlink:
    Anti-Spam Check
    Enter text above
    Upon approval, your definition will be listed under: Basic access authentication

    Happy Summer Sale

    Home About us / Contact    Products    Services    Iranian History Today    Top Iran Links    Iranian B2B Web Directory    Historical Glossary
    Copyright @ 2004-2016 fouman.com All Rights Iranian