Register to get access to free programming courses with interactive exercises

Basic Authentication HTTP Protocol

HTTP has a feature called basic authentication. It works as follows.

When you visit a specific page or site that requires authentication, you'll see an authorization window. The window is rendered by the browser and requires you to enter a name and password. I haven't seen any ways to influence the design of this window.

Usually, if you enter incorrect data, the browser will request them again. And if you click Cancel, then you'll get an error 401. Any attempt to access a page that requires basic authorization will get a 401 response. However, there's no difference between sending a form with incorrect data and clicking Cancel.

As a result, the browser renders this form when it encounters a 401 error. It works very simply: either you send the correct header (correct data), or you get a 401 error. No magic, no ways to get around it.

Let's see what data is required for such an interaction:

HTTP/1.1 401 Access Denied
WWW-Authenticate: Basic realm="My Server"
Content-Length: 0

You can't log in, and you'll see Access Denied and the following header from the WWW-Authenticate: Basic realm="My Server". There is a key in this header, whose value is displayed in the dialog box. It isn't used anywhere else.

After entering your username and password, the following headers will be sent:

GET /securefiles/ HTTP/1.1
Host: www.httpwatch.com
Authorization: Basic aHR0cHdhdGNoDmY=

Firstly, these are standard headers for HTTP 1.1. Secondly (and this is the most important part), the Authorization, header, which has the mandatory word Basic and an encoded phrase after the space. This phrase consists of a username and password — <username>:<password>, encoded in base64.

That's all that's needed. After sending the correct data, authentication takes place, and you can enter the site or page you have accessed.


Recommended materials

  1. Basic access authentication

Hexlet Experts

Are there any more questions? Ask them in the Discussion section.

The Hexlet support team or other students will answer you.

About Hexlet learning process

For full access to the course you need a professional subscription.

A professional subscription will give you full access to all Hexlet courses, projects and lifetime access to the theory of lessons learned. You can cancel your subscription at any time.

Get access
130
courses
1000
exercises
2000+
hours of theory
3200
tests

Sign up

Programming courses for beginners and experienced developers. Start training for free

  • 130 courses, 2000+ hours of theory
  • 1000 practical tasks in a browser
  • 360 000 students
By sending this form, you agree to our Personal Policy and Service Conditions

Our graduates work in companies:

<span class="translation_missing" title="translation missing: en.web.courses.lessons.registration.bookmate">Bookmate</span>
<span class="translation_missing" title="translation missing: en.web.courses.lessons.registration.healthsamurai">Healthsamurai</span>
<span class="translation_missing" title="translation missing: en.web.courses.lessons.registration.dualboot">Dualboot</span>
<span class="translation_missing" title="translation missing: en.web.courses.lessons.registration.abbyy">Abbyy</span>
Suggested learning programs

From a novice to a developer. Get a job or your money back!

Frontend Developer icon
Profession
beginner
Development of front-end components for web applications
start anytime 10 months

Use Hexlet to the fullest extent!

  • Ask questions about the lesson
  • Test your knowledge in quizzes
  • Practice in your browser
  • Track your progress

Sign up or sign in

By sending this form, you agree to our Personal Policy and Service Conditions
Toto Image

Ask questions if you want to discuss a theory or an exercise. Hexlet Support Team and experienced community members can help find answers and solve a problem.