HTTP Auth
1. Basic Access Authentication
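With basic access authentication, the credentials are passed as plaintext and can be intercepted easily.
To prevent the user name and password from being read directly by a person, they are encoded as a sequence of Base64 characters before transmission. This is an encoding, not encryption, so anyone who captures the header can decode it.
Example: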
Client request (no authentication):
GET /private/index.html HTTP/1.0
Host: localhost
Server response:
HTTP/1.0 401 Unauthorised
Server: SokEvo/1.0
Date: Sat, 27 Nov 2004 10:18:15 GMT
WWW-Authenticate: Basic realm="SokEvo"
Content-Type: text/html
Content-Length: xxx
<HTML>
<HEAD>
<TITLE>Error</TITLE>
</HEAD>
<BODY><H1>401 Unauthorised.</H1></BODY>
</HTML>
Client request (user name "Aladdin", password "open sesame"):
GET /private/index.html HTTP/1.0
Host: localhost
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Server response:
HTTP/1.0 200 OK
Server: SokEvo/1.0
Date: Sat, 27 Nov 2004 10:19:07 GMT
Content-Type: text/html
Content-Length: 10476
2. Digest Access Authentication
Digest access authentication allows user identity to be established securely without having to send a password in plaintext over the network. It is basically an application of MD5 cryptographic hashing, with nonce values used to prevent cryptanalysis.
Example:
Client request (no authentication):
GET /dir/index.html HTTP/1.0
Host: localhost
Server response:
HTTP/1.0 401 Unauthorised
Server: SokEvo/0.9
Date: Sun, 10 Apr 2005 20:26:47 GMT
WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"
Content-Type: text/html
Content-Length: xxx
<HTML>
<HEAD>
<TITLE>Error</TITLE>
</HEAD>
<BODY><H1>401 Unauthorised.</H1></BODY>
</HTML>
Client request (user name "Mufasa", password "Circle Of Life"):
GET /dir/index.html HTTP/1.0
Host: localhost
Authorization: Digest username="Mufasa",
realm="testrealm@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/dir/index.html",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
Server response:
HTTP/1.0 200 OK
Server: SokEvo/0.9
Date: Sun, 10 Apr 2005 20:27:03 GMT
Content-Type: text/html
Content-Length: 7984