HTTP Authentication
HTTP authentication, as specified in RFC 2617,[130] is the original credential-handling mechanism envisioned for web applications, one that is now almost completely extinct. The reasons for this outcome might have been the inflexibility of the associated browser-level UIs, the difficulty of accommodating more sophisticated non-password-based authentication schemes, or perhaps the inability to exercise control over how long credentials are cached and what other domains they are shared with.
In any case, the basic scheme is fairly simple. It begins with the browser making an unauthenticated request, to which the server responds with a “401 Unauthorized” code.[23] The server must also include a WWW-Authenticate HTTP header, specifying ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access