HTTP Basic Authentication – what’s the expected web browser experience?

When a server allows access via Basic HTTP Authentication, what is the experience expected to be in a web browser? Ignoring the web browser for a moment, here’s how to create a Basic Auth request with curl: curl -u myusername:mypassword http://somesite.com But what about in a Web Browser? What I’ve seen on some websites, is … Read more

HTTP Basic Authentication credentials passed in URL and encryption

I have a question about HTTPS and HTTP Authentication credentials. Suppose I secure a URL with HTTP Authentication: <Directory /var/www/webcallback> AuthType Basic AuthName "Restricted Area" AuthUserFile /var/www/passwd/passwords Require user gooduser </Directory> I then access that URL from a remote system via HTTPS, passing the credentials in the URL: https://gooduser:[email protected]/webcallback?foo=bar Will the username and password be … Read more

How to define the basic HTTP authentication using cURL correctly?

I’m learning Apigility (Apigility docu -> REST Service Tutorial) and trying to send a POST request with basic authentication via cURL: $ curl -X POST -i -H "Content-Type: application/hal+json" -H "Authorization: Basic YXBpdXNlcjphcGlwd2Q=" http://apigilityhw.sandbox.loc/status YXBpdXNlcjphcGlwd2Q= is the base64-encoded string with my credentials apiuser:apipwd. The credentials are saved in the /data/htpasswd (apiuser:$apr1$3J4cyqEw$WKga3rQMkxvnevMuBaekg/). The looks … Read more

How to log out user from web site using BASIC authentication?

Is it possible to log out a user from a web site if he is using basic authentication? Killing the session is not enough, since, once the user is authenticated, each request contains login info, so the user is automatically logged in the next time he/she accesses the site using the same credentials. The only solution so far is to … Read more