A Web client cannot predict whether a particular resource is protected with basic authentication prior to requesting it. For this reason, the initial request for a protected resource is no different than any other request. The response returned by the server is the first indication to the client that the resource is protected. Thus, the series of events in basic authentication consists of two complete HTTP transactions. The steps involved are as follows:
The Web client requests a resource that is protected by basic authentication from the Web server.
The Web server returns an HTTP response with a 401 Unauthorized status code.
The Web client prompts the user for a username and password, and then makes a second ...