First, HTTP Basic authentication:
HTTP defines the Basic authentication scheme so that an HTTP server can authenticate the user of a web browser. When a client requests data from the HTTP server without being authenticated, the server uses the Basic authentication process to check the client's user name and password and decide whether the user is legitimate.
After receiving the server's authentication request, the client prompts the user for a user name and password and encodes them with Base64 (an encoding, not encryption in the cryptographic sense); the encoded string is then attached to the request. For example, if the user name is Paul and the password is 123456, the client joins the user name and password with ":", Base64-encodes the joined string, and appends the result to the request header every time it requests data. Each time the HTTP server receives a request, it extracts the user information the client attached according to the protocol, decodes it, and verifies the user name and password. If they are correct, it returns the data the client asked for; otherwise it returns error code 401, requiring the user to supply the user name and password again.
Second, the Basic authentication process:
1. The client requests data from the server; the requested content may be a web page or some other MIME type. Assuming the client has not been authenticated, it sends the following request to the server:
    GET /index.html HTTP/1.0
    Host: www.baidu.com
2. The server sends authentication request code 401 to the client; the data returned by the server looks roughly like this:
    HTTP/1.0 401 Unauthorised
    Server: sokevo/1.0
    WWW-Authenticate: Basic realm="google.com"
    Content-Type: text/html
    Content-Length: xxx
3. When a client that complies with the HTTP 1.0 or 1.1 specification (such as IE or Firefox) receives the 401 return value, it automatically pops up a login window asking the user for a user name and password.
4. After the user enters the user name and password, the client Base64-encodes them and adds the encoded value to the earlier request, so the request the client sent in step 1 becomes the following:
    GET /index.html HTTP/1.0
    Host: www.google.com
    Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxx
5. After the server receives this request, it takes the user information that follows the Authorization field and decodes it, then checks the decoded user name and password against the user database. If the user name and password are correct, the server sends the requested resource to the client.
Third, the shortcomings of Basic authentication:
The goal of HTTP Basic authentication is to provide simple user authentication. The process is simple and clear, and it suits systems and devices whose security requirements are not high; router configuration pages, for example, almost all use it. Its disadvantage is that it has no flexible and reliable authentication policy, such as the inability to provide domain authentication. In addition, the protection Base64 offers is very weak; you could say it only keeps Sohu search from finding it. Of course, HTTP Basic authentication can also be combined with SSL to build an authentication system with higher security.
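The exchange in steps 1 to 5 seen from the server side, as an added example that is not from the original article (Python 3, standard library only; the USERS table and the function names are made up for illustration). It shows that the Authorization value is recovered without any key, which is why the scheme depends on SSL underneath it.

```python
import base64
import hmac

# Constructed credential store for the example: the article's sample user.
# A real server would hold salted password hashes, not plaintext.
USERS = {"Paul": "123456"}
REALM = "google.com"  # realm string from the article's 401 response


def encode_basic(user, password):
    """Client side (step 4): build the Authorization header value."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value):
    """Server side (step 5): recover (user, password), or None if malformed.

    No key is involved: anyone who can read the header can do the same.
    """
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad Base64 alphabet/padding or invalid UTF-8
        return None
    user, sep, password = raw.partition(":")  # the password may contain ':'
    return (user, password) if sep else None


def authenticate(headers):
    """Return (status, response_headers) for a request's header dict."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = decode_basic(headers.get("Authorization"))
    if creds is None:
        return 401, challenge  # step 2: ask the client to authenticate
    user, password = creds
    expected = USERS.get(user)
    # Constant-time comparison; unknown users are compared against "".
    ok = hmac.compare_digest((expected or "").encode(), password.encode())
    if expected is None or not ok:
        return 401, challenge
    return 200, {}
```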
Fourth, Basic authentication with Python urllib2:
1. By adding the HTTP header directly:
    import urllib2
    from base64 import encodestring

    url = 'http://XXX.XXX.X.XX'
    user = 'a'
    passwd = 'AA'

    req = urllib2.Request(url)
    # encodestring appends a trailing newline; [:-1] strips it
    basestr = encodestring('%s:%s' % (user, passwd))[:-1]
    req.add_header('Authorization', 'Basic %s' % basestr)
    f = urllib2.urlopen(req)
2. By using a handler:
    import urllib2

    url = 'http://XXX.XXX.X.XX'
    user = 'a'
    passwd = 'AA'

    hdlr = urllib2.HTTPBasicAuthHandler()
    hdlr.add_password('Hello', url, user, passwd)  # the realm must be supplied here
    opener = urllib2.build_opener(hdlr)
    urllib2.install_opener(opener)
    f = urllib2.urlopen(url)
To make this more generic, we use the HTTPPasswordMgrWithDefaultRealm password manager:
    import urllib2

    url = 'http://XXX.XXX.X.XX'
    user = 'a'
    passwd = 'AA'

    psmg = urllib2.HTTPPasswordMgrWithDefaultRealm()
    psmg.add_password(None, url, user, passwd)  # None matches any realm
    hdlr = urllib2.HTTPBasicAuthHandler(psmg)
    opener = urllib2.build_opener(hdlr)
    urllib2.install_opener(opener)
    f = urllib2.urlopen(url)