[En-Nut-Discussion] Basic Authentication on HTTP/1.0
Leo Hendrawan
leo.hendrawan at gmail.com
Thu Jun 16 04:42:49 CEST 2005
On 6/10/05, Harald Kipp <harald.kipp at egnite.de> wrote:
> Hi Leo,
>
> You may check the CGI samples on
> http://ispf.dyndns.org:8000/
> with Ethereal.
> (Arthernet Board running Nut/OS)
>
> Harald
>
Hello everyone,
First of all, thanks to Mr. Harald for giving the references, it seems that
I've made some mistakes.
For the HTTP/1.0 basic authentication scheme, it should be like this:
- client initiates TCP connection
- client sends request, which may look like this:
    GET /index.html HTTP/1.0
    .......
  (usually without Authentication input)
- server checks for the basic authentication input, which may look like this:
    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
  (user name "Aladdin", password "open sesame")
  If the server doesn't find this line, it will send the "HTTP/1.0 401
  Unauthorized" header and close the connection (which I didn't do
  previously in my web server).
- the web browser program will then prompt a username-password input window.
- after the user gives the inputs, the web browser program (client) will
  initiate another TCP connection and send the basic authentication input
  (encoded with base64 method).
- the server accepts the new request, which includes the basic authentication
  line input, and checks it. If the username and password are acceptable,
  the server will send the "HTTP/1.0 200 Ok" header and html data. Otherwise
  it will send another "HTTP/1.0 401 Unauthorized" header.
There it goes. It works for me, and I hope this email will be useful for
someone...
Cheers,
-Leo-
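The server-side check from the steps above, as an added example that is not part of the original post and is not Nut/OS code. The function names (`check_basic_auth`, `b64_decode`, `same`), the 128-byte credential buffer and passing the header as a single string are assumptions made for illustration.

```c
/* Added example, not Nut/OS code; function names and sizes are assumptions. */
#include <string.h>
#include <strings.h>
/* Decode Base64 into out (NUL-terminated). Returns length, -1 on bad input. */
static int b64_decode(const char *in, char *out, size_t outsz)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned long acc = 0;
    size_t n = 0;
    int bits = 0;
    for (; *in && *in != '=' && *in != '\r' && *in != '\n'; in++) {
        const char *p = strchr(tbl, *in);
        if (p == NULL || n + 1 >= outsz)
            return -1;                   /* bad character or value too long */
        acc = (acc << 6) | (unsigned long)(p - tbl);
        if ((bits += 6) >= 8) {
            bits -= 8;
            out[n++] = (char)((acc >> bits) & 0xFF);
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Compare without stopping at the first mismatch (no early-exit timing hint). */
static int same(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la; i++)
        diff |= (unsigned char)(a[i] ^ b[i % (lb ? lb : 1)]);
    return diff == 0;
}

/* Status for one request: 200 only if the header carries valid credentials. */
int check_basic_auth(const char *hdr, const char *user, const char *pass)
{
    static const char prefix[] = "Authorization: Basic ";
    char cred[128], *colon;
    if (hdr == NULL || strncasecmp(hdr, prefix, sizeof(prefix) - 1) != 0)
        return 401;                      /* first request: no credentials */
    if (b64_decode(hdr + sizeof(prefix) - 1, cred, sizeof(cred)) < 0)
        return 401;
    if ((colon = strchr(cred, ':')) == NULL)
        return 401;                      /* must be "user:password" */
    *colon = '\0';
    return (same(cred, user) & same(colon + 1, pass)) ? 200 : 401;
}
```

For the browser to show its prompt, the 401 response also has to carry a `WWW-Authenticate: Basic realm="..."` header. Base64 is an encoding, not encryption, so the credentials are readable to anyone who can capture the request.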