HTTP Basic Authentication>> 401>> Using the browser’s native login prompt

Published: 2023-06-06 13:17:36 Author: zno2

https://docs.oracle.com/cd/E27515_01/common/tutorials/authn_http_basic.html

http://blog.stevensanderson.com/2008/08/25/using-the-browsers-native-login-prompt/

 

A browser is talking to a web server. When the browser receives the HTTP 401 response to its initial request, it displays a dialog (the built-in login prompt) to enable the user to enter the username and password combination.

 

 

    1. The browser makes a request to some URL
    2. The server sends back a response with an HTTP status code of 401 (meaning “Not authorized”), plus a header describing the types of authentication it will accept. For example:
          WWW-Authenticate: Basic
    3. This makes the browser display a login prompt, but it doesn’t display any other text that’s in the response. (It only displays that response text if the user clicks “Cancel”.)
    4. When the user enters some credentials, the browser resubmits the same request to the same URL, plus it also adds this extra header:
          Authorization: Basic username:password
      Note that the username:password bit is actually Base-64 encoded.
    5. The server parses the username and password from the request, and decides whether the credentials are valid or not. If they are valid, it lets the user continue (so it might return a proper HTML response, or it might redirect to somewhere else). If they are invalid, it returns a 401 again (i.e., goes back to step 2).
    6. If the user enters the same incorrect credentials twice in a row, the browser normally won’t bother resubmitting them and will just give up.
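Steps 2, 4 and 5 seen from the server's side, as an added example that is not code from the original post or the linked articles. The realm name, the `USERS` table and the function names are assumptions made for illustration.

```python
import base64
import hmac

# Constructed demo account (assumption); a real server stores password hashes.
USERS = {"alice": "correct horse"}
# Step 2: the challenge header sent with every 401 (realm name is an assumption).
CHALLENGE = {"WWW-Authenticate": 'Basic realm="demo", charset="UTF-8"'}


def client_header(username, password):
    """Step 4: the header a browser adds after the user fills in the prompt."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header):
    """Return (username, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":      # the scheme name is case-insensitive
        return None
    try:
        # Base64 is an encoding, not encryption: anyone who can read the
        # header recovers the password exactly as this line does.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:                 # bad alphabet, bad padding or bad UTF-8
        return None
    username, sep, password = decoded.partition(":")
    if not sep:                        # split on the FIRST colon only,
        return None                    # the password may itself contain ':'
    return username, password


def handle(request_headers):
    """Steps 2 and 5: return (status, response_headers) for one request."""
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is None:
        return 401, CHALLENGE          # no or malformed credentials: challenge
    username, password = creds
    expected = USERS.get(username)
    # Constant-time comparison, also performed for unknown usernames.
    reference = (expected if expected is not None else "").encode("utf-8")
    matches = hmac.compare_digest(password.encode("utf-8"), reference)
    if matches and expected is not None:
        return 200, {}
    return 401, CHALLENGE              # invalid: back to step 2
```

Because the decoded header yields the password directly, this scheme depends on HTTPS to keep credentials confidential in transit.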