Basic authentication of HTTP protocol 2--turn

The HTTP protocol is stateless and can be identified by COokie between the browser and the Web server .

How are desktop applications (such as the Sina Desktop client, SkyDrive client) and the Web server identified?

what is HTTP Basic authentication

Desktop applications also interact with Web servers through the HTTP protocol

Desktop applications typically do not use cookies, but instead place the "username + colon + password" in the header authorization of the HTTP request with a BASE64 encoded string, which is called HTTP Basic authentication (basic Authentication)

When a browser accesses a website that uses basic authentication, the browser prompts you for a user name and password, such as

If the user name password is incorrect, the server will return 401 as

The process of HTTP Basic authentication

The first step: The client sends an HTTP request to the server,

Step two: Because the request does not contain the authorization header, the server returns a 401 unauthozied to the client and adds information to the response header "Www-authenticate".

The third step: the client to the user name and password with BASE64 encoding, placed in the authorization header sent to the server, authentication success.

The fourth step: the server will authorization header of the user name password out, to verify, if the authentication through, according to the request, send resources to the client

Using the Auth tab under Fiddler inspectors, you can easily see the user name and password:

HTTP Basic authentication, simple and clear. Rest API is a common use of basic authentication

The HTTP protocol is stateless and requires authentication for each request from the same client to the server

HTTP Basic authentication and HTTPS

The "User name + colon + password" with BASE64 encoded string although with the naked eye can not be seen, but the program is easy to decrypt, you see Fiddler directly to decrypt. So HTTP request on the network, if the use of HTTP transmission is very insecure. Generally will be used HTTPS transmission, HTTPS is encrypted, so it is more secure.

HTTP OAuth AuthenticationOAuth for HTTP, is not the user name password in the authorization header, but a token. Microsoft's SkyDrive is to use such a way, such as

Other certifications In addition to Basic authentication, as well as Digest Certification Digest Authentication, Wsse (ws-security) certification use of the clientThe client interacts with a site that uses Basic authentication. Very simple, the user name password is added to the authorization header. C#

String url = "Https://testsite"; HttpWebRequest req = (HttpWebRequest) webrequest.create (URL); NetworkCredential NC = new NetworkCredential ("username", "password"); req. Credentials = NC;

Basic authentication of HTTP protocol 2--turn