[En-Nut-Discussion] Basic Authentication on HTTP/1.0

Leo Hendrawan leo.hendrawan at gmail.com
Thu Jun 16 04:42:49 CEST 2005


On 6/10/05, Harald Kipp <harald.kipp at egnite.de> wrote:
> Hi Leo,
> 
> You may check the CGI samples on
> http://ispf.dyndns.org:8000/
> with Ethereal.
> (Arthernet Board running Nut/OS)
> 
> Harald
> 

Hello everyone,

First of all, thanks to Mr. Harald for giving the references. It seems that
I've made some mistakes.

For the HTTP/1.0 basic authentication scheme, it should be like this:
- client initiates TCP connection
- client sends request, which may look like this:
    GET /index.html HTTP/1.0
    .......
  (usually without Authentication input)
- server checks for the basic authentication input, which may look like this:
    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  (user name "Aladdin", password "open sesame")
  If the server doesn't find this line, it will send the
  "HTTP/1.0 401 Unauthorized" header and close the connection
  (which I didn't do previously in my web server).
- the web browser program will then prompt a username-password input window.
- after the user gives the inputs, the web browser program (client) will
  initiate another TCP connection and send the basic authentication input
  (encoded with the base64 method).
- the server accepts the new request, which includes the basic authentication
  line input, and checks it.
  If the username and password are acceptable, the server will send the
  "HTTP/1.0 200 Ok" header and html data. Otherwise it will send another
  "HTTP/1.0 401 Unauthorized" header.

There it goes. It works for me, and I hope this email will be useful for
someone...
Cheers,

-Leo-
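
The server-side check from the steps above, as an added example in C (not code from this post or from Nut/OS). The function name basic_auth_status, the 128-byte credential buffer and the expected "user:password" string are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Value of one base64 character, or -1 if it is outside the alphabet. */
static int b64val(char c) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Decode until '=', CR, LF or NUL. Returns length, -1 if malformed or too long. */
static int b64decode(const char *in, char *out, size_t cap) {
    size_t n = 0; unsigned acc = 0; int bits = 0;
    for (; *in && *in != '=' && *in != '\r' && *in != '\n'; in++) {
        int v = b64val(*in);
        if (v < 0 || n + 1 >= cap) return -1;
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (char)((acc >> bits) & 0xFF); }
    }
    out[n] = '\0';
    return (int)n;
}

/* Compare without stopping at the first mismatch, so timing does not
   reveal how many leading characters of a guess were right. */
static int ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la; i++) diff |= (unsigned char)(a[i] ^ b[lb ? i % lb : 0]);
    return diff == 0;
}

/* auth_line: the request's Authorization header line, or NULL if absent.
   expected: "user:password" (constructed sample value in main below).
   Returns 200 to serve the page, 401 to answer Unauthorized and close. */
int basic_auth_status(const char *auth_line, const char *expected) {
    static const char prefix[] = "Authorization: Basic "; /* exact-case match only */
    char cred[128];
    if (auth_line == NULL) return 401;          /* first request: no credentials */
    if (strncmp(auth_line, prefix, sizeof prefix - 1) != 0) return 401;
    if (b64decode(auth_line + sizeof prefix - 1, cred, sizeof cred) < 0) return 401;
    return ct_equal(cred, expected) ? 200 : 401;
}

int main(void) {
    const char *hdr = "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==";
    printf("no header -> %d\n", basic_auth_status(NULL, "Aladdin:open sesame"));
    printf("with header -> %d\n", basic_auth_status(hdr, "Aladdin:open sesame"));
    return 0;
}
```

On the 401 path the response also needs a WWW-Authenticate: Basic realm="..." header, which is what makes the browser show its prompt. Base64 is only an encoding, so anyone capturing the traffic (for example with Ethereal) can read the user name and password.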


