Web Security - HTTP Basic Access Authentication


1 - About

Basic Access Authentication

Basic access authentication uses the easily reversible Base64 encoding, which makes it insecure unless it is used in conjunction with TLS.

The basic mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. HTTPS is, therefore, typically used in conjunction with Basic Authentication.

The information is provided in the Authorization header:

Authorization: Basic dXNlcjpwYXNzd29yZA==

The browser sends the username and password with every request, so be sure to serve only over HTTPS.

Basic authentication is restricted to username and password authentication.


The browser pops up a Basic authentication dialogue (for user and password) when a request returns a 401 response with a WWW-Authenticate header.

Suppressing the header will suppress the popup.
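The header decoding and the 401 challenge described above, as an added Python example that is not part of the original page. The credentials, realm name and function names are constructed for illustration, and refusing plain HTTP without a challenge is a design choice of this sketch.

```python
import base64
import binascii
import hmac

# Constructed sample credentials; a real service would verify a salted password hash.
EXPECTED_USER = "user"
EXPECTED_PASSWORD = "password"
REALM = "example"  # hypothetical realm name


def parse_basic_header(value):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: anyone who sees the header can do this.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; the password may contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def handle_request(headers, scheme):
    """Return (status, response_headers) for a request to a protected resource."""
    if scheme != "https":
        # No WWW-Authenticate header here, so the browser never shows the
        # login dialog (and never sends credentials) over a clear-text channel.
        return 403, {}
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge  # the 401 plus this header triggers the browser popup
    # Constant-time comparison avoids leaking how many characters matched.
    user_ok = hmac.compare_digest(creds[0].encode(), EXPECTED_USER.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), EXPECTED_PASSWORD.encode())
    if user_ok and pass_ok:
        return 200, {}
    return 401, challenge
```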

4 - in Soap UI

5 - Documentation / Reference