Based on a username and password.
- A web server requests a web client to authenticate the user (Challenge).
- The web client obtains the username and the password (Credentials) from the user and transmits them to the web server.
- The web server then authenticates the user in the specified realm.
Basic Authentication is not a secure authentication protocol.
- The user password is transmitted with only a simple base64 encoding, which is reversible and is not encryption.
- The target server is not authenticated.
The process:
- A web client attempts to access a protected realm.
- The web server may respond with a challenge: Status code: 401, Response header: WWW-Authenticate: Basic realm="name"
- The web client responds with a request that includes the user credentials in the following request header: Authorization: Basic "base64 encoded user-pass"
- Decoded user-pass is in the following form: userid:password
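
Added example, not part of the original notes: both sides of the exchange above in Python, showing that anyone who sees the Authorization header can decode the password, and how a server can parse the header strictly. The function names and the user table are assumptions made for illustration.

```python
import base64
import binascii
import hmac

# Constructed user table for the example; a real server stores password hashes.
USERS = {"Aladdin": "open sesame"}

def challenge(realm):
    """Server side: status code and header sent when no valid credentials arrive."""
    return 401, {"WWW-Authenticate": f'Basic realm="{realm}"'}

def encode_credentials(userid, password):
    """Client side: build the Authorization header value from userid:password."""
    token = base64.b64encode(f"{userid}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_credentials(header_value):
    """Return (userid, password), or None if the header is not well-formed Basic."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        user_pass = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain colons.
    userid, sep, password = user_pass.partition(":")
    return (userid, password) if sep else None

def authenticate(header_value, users=USERS):
    """Check a received header against the table with a constant-time compare."""
    creds = decode_credentials(header_value) if header_value else None
    if creds is None:
        return False
    userid, password = creds
    expected = users.get(userid)
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    return expected is not None and ok

if __name__ == "__main__":
    print(challenge("name"))
    header = encode_credentials("Aladdin", "open sesame")
    print(header)                      # what travels on the wire
    print(decode_credentials(header))  # what any observer can recover
    print(authenticate(header))
```

Because decoding needs no key, the header is only as confidential as the transport that carries it.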


