
10. Access Authentication

10.1 Basic Authentication Scheme

The basic authentication scheme is based on the model that the client must authenticate itself with a user-ID and a password for each realm. The realm value should be considered an opaque string which can only be compared for equality with other realms. The server will service the request only if it can validate the user-ID and password for the domain of the Request-URI.

basic-challenge	=	"Basic" SP realm

The client sends the user-ID and password (separated by a single colon ":" character) within a base64 [6] encoded-cookie in the credentials.

basic-credentials	=	"Basic" SP basic-cookie
basic-cookie	=	<base64 encoding of userid-password>
userid-password	=	[ token ] ":" *text

There are no optional authentication parameters for the basic scheme. For example, if the user agent wishes to send the user-ID "Aladdin" and password "open sesame", it would use the following header field:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

The basic authentication scheme is a non-secure method of filtering unauthorized access to resources on an HTTP server. It is based on the assumption that the connection between the client and the server can be regarded as a trusted carrier. As this is not generally true on an open network, the basic authentication scheme should be used accordingly. In spite of this, clients are strongly encouraged to implement the scheme in order to communicate with servers that use it.
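The following is an added example, not part of the specification text: a server-side parser for the basic-credentials grammar above, showing that the basic-cookie decodes back to the user-ID and password without any key, which is why the scheme depends on a trusted carrier. The function names and the ISO-8859-1 character encoding are assumptions made for this example.

```python
import base64
import binascii


def build_basic_credentials(userid: str, password: str) -> str:
    """Build an Authorization header value for the basic scheme."""
    if ":" in userid:
        # userid is a token in the grammar, so it cannot hold the separator.
        raise ValueError("user-ID must not contain ':'")
    # Assumption: ISO-8859-1 is used to turn the text into octets.
    cookie = base64.b64encode(f"{userid}:{password}".encode("latin-1"))
    return "Basic " + cookie.decode("ascii")


def parse_basic_credentials(header_value: str) -> tuple[str, str]:
    """Recover (userid, password) from an Authorization header value.

    Raises ValueError for any value that does not fit the grammar.
    """
    scheme, sep, cookie = header_value.partition(" ")
    # Quoted literals in the HTTP grammar are matched case-insensitively.
    if not sep or scheme.lower() != "basic":
        raise ValueError("not a basic-credentials value")
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        raw = base64.b64decode(cookie.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("basic-cookie is not valid base64") from exc
    # Split on the FIRST colon only: the password (*text) may contain
    # further colons, the user-ID (token) may not.
    userid, colon, password = raw.decode("latin-1").partition(":")
    if not colon:
        raise ValueError("userid-password has no ':' separator")
    return userid, password


if __name__ == "__main__":
    # The header field from the specification's own example.
    print(parse_basic_credentials("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="))
```

Anything that can read the header on the wire or in a log can run the same decode, so request logging and proxies should treat the Authorization field as a plaintext password.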


T. Berners-Lee, R. T. Fielding, H. Frystyk Nielsen - 12 MAR 95
