Since the origin of the World Wide Web, the vast majority of authentication techniques rely upon HTTP/HTTPS implementation standards, and all of them work more or less in the following way:
- A non-authenticated user-agent asks for a content that cannot be accessed without some kind of permissions.
- The web application returns an authentication request, usually in form of an HTML page containing an empty web form to complete.
- The user-agent fills up the web form with their credentials, usually a username and a password, and then sends it back with a
POST command, which is most likely issued by a click on a Submit button.
- The web application receives the
POST data and calls the aforementioned server-side implementation that will try to ...