HTTP Auth


1. Basic Access Authentication

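In basic access authentication, the credentials are passed as plaintext and could be intercepted easily.

To prevent the user name and password being read directly by a person, they are encoded as a sequence of base-64 characters before transmission. Base64 is a reversible encoding, not encryption, so it does not protect the credentials from anyone who can read the traffic.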

Example:

Client request (no authentication):

    GET /private/index.html HTTP/1.0
    Host: localhost

Server response:

    HTTP/1.0 401 Unauthorised
    Server: SokEvo/1.0
    Date: Sat, 27 Nov 2004 10:18:15 GMT
    WWW-Authenticate: Basic realm="SokEvo"
    Content-Type: text/html
    Content-Length: xxx

    <HTML>
    <HEAD>
    <TITLE>Error</TITLE>
    </HEAD>
    <BODY><H1>401 Unauthorised.</H1></BODY>
    </HTML>

Client request (user name "Aladdin", password "open sesame"):

    GET /private/index.html HTTP/1.0
    Host: localhost
    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Server response:

    HTTP/1.0 200 OK
    Server: SokEvo/1.0
    Date: Sat, 27 Nov 2004 10:19:07 GMT
    Content-Type: text/html
    Content-Length: 10476

2. Digest Access Authentication

Digest access authentication allows user identity to be established securely without having to send a password in plaintext over the network. Digest authentication is basically an application of MD5 cryptographic hashing with usage of nonce values to prevent cryptanalysis.

Example:

Client request (no authentication):

    GET /dir/index.html HTTP/1.0
    Host: localhost

Server response:

    HTTP/1.0 401 Unauthorised
    Server: SokEvo/0.9
    Date: Sun, 10 Apr 2005 20:26:47 GMT
    WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"
    Content-Type: text/html
    Content-Length: xxx

    <HTML>
    <HEAD>
    <TITLE>Error</TITLE>
    </HEAD>
    <BODY><H1>401 Unauthorised.</H1></BODY>
    </HTML>

Client request (user name "Mufasa", password "Circle Of Life"):

    GET /dir/index.html HTTP/1.0
    Host: localhost
    Authorization: Digest username="Mufasa",
        realm="testrealm@host.com",
        nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
        uri="/dir/index.html",
        qop=auth,
        nc=00000001,
        cnonce="0a4f113b",
        response="6629fae49393a05397450978507c4ef1",
        opaque="5ccc069c403ebaf9f0171e9517f40e41"

Server response:

    HTTP/1.0 200 OK
    Server: SokEvo/0.9
    Date: Sun, 10 Apr 2005 20:27:03 GMT
    Content-Type: text/html
    Content-Length: 7984
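The two exchanges above, worked through from the server's side as an added example (not part of the original page): the Basic header decodes straight back to the password, while the Digest response is checked by recomputing the RFC 2617 qop=auth hash from the stored password. The function names and the issued_nonce parameter (the nonce the server remembers having sent in its 401) are assumptions made for this illustration; the header values are the ones shown on this page.

```python
import base64
import hashlib
import hmac
import re

# Header values copied from the two example client requests on this page.
BASIC_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
DIGEST_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def decode_basic(header_value):
    """Basic is reversible: whoever sees the header recovers the password."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, _, password = decoded.partition(":")
    return user, password

def parse_digest(header_value):
    """Split a Digest header into a dict; values may be quoted or bare tokens."""
    scheme, _, rest = header_value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', rest)
    return {key: quoted or bare for key, quoted, bare in pairs}

def verify_digest(header_value, method, password, issued_nonce):
    """Server-side check for qop=auth using the password the server stores."""
    p = parse_digest(header_value)
    try:
        # Reject a nonce this server did not issue (issued_nonce is assumed state).
        if p["qop"] != "auth" or p["nonce"] != issued_nonce:
            return False
        ha1 = md5_hex(f'{p["username"]}:{p["realm"]}:{password}')
        ha2 = md5_hex(f'{method}:{p["uri"]}')
        expected = md5_hex(
            f'{ha1}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:auth:{ha2}')
        return hmac.compare_digest(expected.encode(), p["response"].encode())
    except KeyError:  # a required field is missing from the header
        return False
```

With the page's values, decode_basic(BASIC_HEADER) returns the user name and password in clear, and verify_digest(DIGEST_HEADER, "GET", "Circle Of Life", "dcd98b7102dd2f0e8b11d0f600bfb0c093") accepts the request without the password ever appearing in the header.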
