Designing Evolvable Web APIs with ASP.NET by Darrel Miller, Glenn Block, Pablo Cibraro, Howard Dierking, Pedro Felix

Appendix E. Authentication Workflows

The client-to-origin workflow involves a client authenticating to an origin server, as shown in Figure E-1.

Figure E-1. Client authenticates with origin

The client attempts to access a protected resource from an origin server. The server, seeing that the resource is protected, sends back a challenge to the client via a 401 Unauthorized response. The response carries a WWW-Authenticate header (see Table B-3) listing one or more challenges that the client must respond to in order to access the resource.

The client then resends the request to the resource, this time providing an Authorization header with the requested credentials.

In the client-to-proxy workflow, a client attempts to access a resource via a secure proxy that it must authenticate against. This is shown in Figure E-2.

Figure E-2. Client authenticates with proxy

The client attempts to access a protected resource via an authenticated proxy. The proxy, seeing the request, sends back a challenge to the client via a 407 Proxy Authentication Required response. The response contains a Proxy-Authenticate header (see Table B-3) that contains one or more challenges for accessing the proxy itself. The client then sends back the request, including the Proxy-Authorization header with the requested credentials.

If, after authenticating with the proxy, the resource the user is attempting to access is protected, origin server authentication will also kick in. Figure E-3 illustrates this, showing the origin server responding with a challenge after proxy authentication is complete.

Figure E-3. Client authenticates with proxy
