Easy! IT | WEB | HTTP Authentication
This article is a rough explanation of HTTP Authentication.
Everything might be not exactly correct in this article but it’s very useful for beginners to understand IT terms. If you want to learn IT but you don’t have any experience to work in the IT industry, I wish it helps you to understand IT. And I hope this article makes you study IT more.
Let’s start our 3 minutes lesson!
What is HTTP Authentication?
- RFC 7235 defines HTTP Authentication.
- HTTP Authentication is one of the HTTP techniques.
- HTTP Authentication is the simplest method to authenticate users toward an origin or proxy servers.
HTTP Authentication is the authentication in an HTTP connection. HTTP Authentication usually means an authentication towards proxy servers or origins defined by RFC 7235, there are several methods defined.
If you don’t know what is HTTP, you better read the following articles before you read this one.
Easy! IT | WEB | World Wide Web | Japan Teams
Easy! IT | WEB | HyperText Transfer Protocol | Japan Teams
1. Overview
HTTP Authentication is a method by which the user of a web browser can authenticate itself as a user to the webserver or a web application in order to be authorized for further access.
There are many authentication schemes in the HTTP protocol, such as the following schemes.
- HTTP Basic authentication
- HTTP Digest authentication
- NTLM (defined by Microsoft)
- HTTP SPNEGO Negotiate (defined by Microsoft), with the following underlying mechanisms:
- Kerberos
- NTLM
It is part of the Hypertext Transfer Protocol (HTTP), which forms the basis of the World Wide Web.
2. Function of the HTTP Authentication
If the webserver determines that a requested URL requires a user name or password, it responds this to the browser with the status code 401 Unauthorized and the header WWW-Authenticate.
The browser determines the necessary data for registration (by asking the user or using previously entered values) and sends the result to the server, which transmits the desired page if the access data is correct. Otherwise, a corresponding error message occurs.
3. Several methods of HTTP Authentication
Basic Authentication
According to RFC 2617, Basic Authentication is a commonly used type of HTTP Authentication.
Usernames and passwords are encoded, but they are not encrypted.
Digest Access Authentication
With Digest Access Authentication, the server sends a specially generated random string together with the WWW-Authenticate header.
NTLM HTTP Authentication
Intranets with Windows servers often use the proprietary NTLM authentication scheme, which has been considered insecure for years. In intranets, protection via Kerberos is therefore recommended.
Information source: HTTP-Authentifizierung – Wikipedia, Http Authentication (oracle.com)
fin
|