HTTP Basic Authorization, basicauthorization

Source: Internet
Author: User

HTTP Basic Authorization, basicauthorization

In HTTP, Basic Authorization Basic authentication is a logon authentication method that allows Web browsers or other client programs to provide identity creden。 in the form of user names and passwords during requests.

Before sending the message, append a colon with the user name, connect the string to the password, and encode the result string with Base64. For example, if the provided username is Aladdin and the password is open sesame, the result after splicing is Aladdin: open sesame, which is then encoded with Base64 to obtain QWxhZGRpbjpvcGVuIHNlc2FtZQ =. Finally, the Base64 encoded string is sent out, and the receiver decodes a string of usernames and passwords separated by colons.

Although the Base64 Algorithm for user names and passwords is difficult to identify and decode with the naked eye, it can still be easily decoded by computers, just as it is easy to code. The purpose of encoding is not security and privacy, but to convert incompatible characters in the user name and password into character sets that are both HTTP-compatible.

------ Wikipedia

A typical dialog between an HTTP client and an HTTP server. The server is installed on the same computer (localhost) and includes the following steps:

  • The client requests a page that requires identity authentication, but does not provide the user name and password. This is usually because the user enters a URL in the address bar or opens a link pointing to the page.
  • The server responds to a 401 response code and provides an authentication domain.
  • After receiving a response, the client displays the authentication domain (usually the description of the computer or system accessed) to the user and prompts you to enter the user name and password. In this case, you can select OK or cancel.
  • After the user enters the user name and password, the client software will add the authentication message header (value: base64encode (username + ":" + password) on the original request )), then try again.
  • In this example, the server accepts the authentication screen and returns the page. If the user creden are invalid or invalid, the server may return the 401 response code again. The client can prompt the user to enter the password again.

An HTTP request containing basic authentication:

GET /private/index.html HTTP/1.0Host: localhostAuthorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Base64

The base64 module in Python can use base64, base32, or base 16 encoding to encode/decode binary data into text.

In the preceding example, the user name is "Aladdin" and the password is "open sesame ":

>>> import base64>>> print base64.b64encode('Aladdin:open sesame')QWxhZGRpbjpvcGVuIHNlc2FtZQ==>>> print base64.b64decode('QWxhZGRpbjpvcGVuIHNlc2FtZQ==')Aladdin:open sesame

Urllib2

The python standard library uses urllib2 to process basic authentication. The urllib2.HTTPBasicAuthHandler () handler can use add_password () to set authentication.

H. add_password (realm, uri, user, passwd)

Realm is the name or description associated with the verification, depending on the remote server. Uri is the base URL. User and passwd specify the user name and password respectively.

import urllib2auth=urllib2.HTTPBasicAuthHandler()auth.add_password('Administrator','http://www.example.com','Dave','123456')opener=urllib2.build_opener(auth)u=opener.open('http://www.example.com/evilplan.html')

Base64 encoding in source code:

raw = "%s:%s" % (user, pw)auth = 'Basic %s' % base64.b64encode(raw).strip()

Requests

There is also a very common requests library, which handles Basic Authentication:

import requestsrequests.get('https://api.github.com/user', auth=requests.auth.HTTPBasicAuth('user', 'pass'))

Because HTTP Basic Auth is very common, you can also directly verify it:

>>> requests.get('https://api.github.com/user', auth=('user', 'pass'))<Response [200]>

Or use request. Session () to maintain the authentication status:

s = requests.Session()s.auth = ('user', 'pass')s.get('http://httpbin.org/')   

Base64 encoding in source code:

def _basic_auth_str(username, password):    """Returns a Basic Auth string."""    return 'Basic ' + base64.b64encode(('%s:%s' % (username, password)).encode('latin1')).strip().decode('latin1')

  


The auth_basic authentication (http Basic Authorization) of apache Http server is integrated with the web System for authentication.

Don't ask these technical questions here. A lot of people may have answered these questions by mistake. You can ask questions from professional forums such as CSDN. Maybe someone may have asked you a similar question.
 
When java calls webservice, it needs to verify HTTP Basic Authorization. The webservice client is generated by eclipse as follows:

Service service = new Service (); Call call Call = (Call) service. createCall (); call. setTargetEndpointAddress (url); call. setUsername (username); call. setPassword (password); you can set it directly if you haven't tried it ~


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.