HTTP has a feature called basic authentication. It works as follows.
Imagine you visit a specific page or site that requires authentication. You'll see an authorization window. The browser renders this window and requires you to enter a name and password.
Usually, if you enter incorrect data, the browser will request them again. And if you click Cancel, you'll get an error 401. Any attempt to access a page that requires basic authorization will get a 401 response. However, there's no difference between sending a form with incorrect data and clicking Cancel.
As a result, the browser renders this form when it encounters a 401 error. It works simply: either you send the correct data or get a 401 error. No magic, no way to get around it.
Let's see what data is required for such an interaction:
HTTP/1.1 401 Access Denied WWW-Authenticate: Basic realm="My Server" Content-Length: 0
You can't log in, and you'll see
Access Denied with the following header from the
WWW-Authenticate: Basic realm="My Server". There is a key in this header, which value is displayed in the dialog box. It isn't used anywhere else.
After entering your username and password, the following headers will be sent:
GET /securefiles/ HTTP/1.1 Host: www.httpwatch.com Authorization: Basic aHR0cHdhdGNoDmY=
Firstly, these are standard headers for HTTP 1.1. Secondly, there is the Authorization header, which has the mandatory word
Basic and an encoded phrase after the space. This phrase consists of a username and password, encoded in base64:
That's all that's needed. After sending the correct data, authentication takes place, and you can enter the site or page you have accessed.
The Hexlet support team or other students will answer you.
A professional subscription will give you full access to all Hexlet courses, projects and lifetime access to the theory of lessons learned. You can cancel your subscription at any time.
Programming courses for beginners and experienced developers. Start training for free
Our graduates work in companies:
Sign up or sign in
Ask questions if you want to discuss a theory or an exercise. Hexlet Support Team and experienced community members can help find answers and solve a problem.