Practical Internet Groupware

by Jon Udell
October 1999
Content level: Beginner
521 pages
15h 28m
English
O'Reilly Media, Inc.
Content preview from Practical Internet Groupware

Chapter 12. Authentication and Authorization Techniques

In the last chapter, we built a simple update notifier. It’s based on the push/pull technique. Each message summarizes new docbase records and includes links that point back to the complete records. If those documents are intended for use only by subscribers, you’ll need to enforce some kind of access control.

In this chapter, we’ll look at ways to control access to both statically served and dynamically served documents, using either the Apache or Microsoft IIS web servers. We’ll also explore how to combine simple user-based access control with a more sophisticated attribute-based approach that’s sensitive not only to who is requesting a document, but also to what’s in the document.

We should define some terms before proceeding. By authentication I mean proving a user’s identity, typically by looking up a name/password combination in a directory. By authorization I mean proving that an authenticated user is allowed to access some protected resource.

HTTP Basic Authentication

Available with every web server, HTTP basic authentication is a very simple protocol. When a browser asks for a protected resource, the server sends back an authentication header instead, like this:

HTTP/1.0 401 Unauthorized
WWW-Authenticate: Basic realm=subscribers

The browser reacts to this message by presenting its standard login dialog to the user, accepting a name and password, then retrying its original request but with the addition of this header: ...
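The challenge and retry described above, as an added example in Python (not code from the book): under the Basic scheme as specified in RFC 7617, the retried request carries an Authorization header whose value is the word Basic followed by the base64 encoding of name:password. The directory contents, the function names and the PBKDF2 parameters are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac

REALM = "subscribers"        # realm name from the challenge shown above
_SALT = b"constructed-salt"  # constructed sample value

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed sample directory: user name -> (salt, password hash). No plaintext stored.
DIRECTORY = {"alice": (_SALT, _hash("s3cret:with:colons", _SALT))}

def challenge():
    """The 401 response that makes the browser show its login dialog."""
    # RFC 7617 writes the realm as a quoted string.
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 (binascii.Error) and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # only the first colon separates
    return (user, password) if sep else None

def authenticate(headers):
    """Return (status, response_headers) for a request to a protected resource."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return challenge()
    user, password = creds
    # Unknown users still cost one hash, so timing does not reveal which names exist.
    salt, stored = DIRECTORY.get(user, (_SALT, b"\x00" * 32))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return (200, {}) if ok and user in DIRECTORY else challenge()

def client_header(user, password):
    """What the browser sends on the retry: base64 is an encoding, not encryption."""
    pair = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")
```

Because the header is only base64-encoded, anyone who can read the request can recover the password, so Basic authentication belongs behind TLS.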

ISBN: 1565925378