HTTP Basic Authentication for Python

Source: Internet
Author: User

I. HTTP Basic Authentication:

The HTTP protocol defines a basic authentication process that lets an HTTP server authenticate the users of web browsers. When a client sends a data request to the HTTP server and the client has not been authenticated, the server verifies the client's user name and password through the basic authentication process to determine whether the user is legitimate.

After receiving the server's authentication requirement, the client prompts the user to enter the user name and password, encodes them with Base64, and appends the encoded string to the request. Base64 is a reversible encoding, not encryption. For example, if the user name is Paul and the password is 123456, the client merges the user name and password (joined with a colon, Paul:123456), encodes the merged string with Base64, and appends the result to the request header each time data is requested. After each request is received, the HTTP server obtains the user information the client appended, decodes it according to the protocol, and verifies the user name and password. If they are correct, the server returns the data the client asked for; otherwise it returns error code 401, requiring the user to provide the user name and password again.

II. Basic authentication process:

1. The client requests data from the server. The requested content may be a web page or another MIME type. If the client has not yet been authenticated, it sends the following request to the server:

        GET /index.html HTTP/1.0
        Host: www.baidu.com

2. The server sends the authentication request, status code 401, to the client. The data returned by the server is as follows:

        HTTP/1.0 401 Unauthorised
        Server: SokEvo/1.0
        WWW-Authenticate: Basic realm="google.com"
        Content-Type: text/html
        Content-Length: xxx

3. When a client that complies with the HTTP 1.0 or 1.1 specification (such as IE or Firefox) receives the 401 response, it automatically pops up a login window asking the user to enter the user name and password.

4. After the user enters the user name and password, they are encoded with Base64 and the encoded string is added to the earlier request. The client's first request becomes:

        GET /index.html HTTP/1.0
        Host: www.google.com
        Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxx

5. After receiving this request, the server extracts and decodes the user information in the Authorization field, and compares the decoded user name and password with the user database. If the user name and password are correct, the server sends the requested resource to the client.

III. Disadvantages of Basic Authentication:

HTTP Basic Authentication aims to provide a simple user authentication function. The authentication process is simple and clear, and it is suitable for systems and devices with low security requirements; for example, the configuration pages of almost all routers use this method. The disadvantage is that there is no flexible and reliable authentication policy; for example, it cannot provide domain authentication. In addition, Base64 gives very little protection, because it is an encoding that anyone can reverse rather than encryption, so it can be said that it only prevents a Sohu search from turning the credentials up. Of course, HTTP Basic Authentication can also be combined with SSL to achieve a high-security authentication system.
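The server side of step 5, together with the weakness just described, as an added example in Python 3 (not code from the original article). The function names, the `REALM` value and the in-memory `USERS` table are assumptions made for illustration; the credentials are the article's Paul / 123456.

```python
import base64
import hmac

REALM = "example"            # constructed realm name
USERS = {"Paul": "123456"}   # constructed table; a real server stores salted hashes

def make_header(user, password):
    """Client side: what the browser puts in the Authorization header."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(value):
    """Server side: return (user, password), or None if the header is unusable."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # No key is involved: anyone who sees the header can do this step.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:       # bad Base64 or bytes that are not UTF-8
        return None
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    return (user, password) if sep else None

def authenticate(headers, users):
    """Return (status, response_headers) for one request's header dict."""
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    creds = parse_basic_header(headers.get("Authorization"))
    if creds is None:
        return 401, challenge
    user, password = creds
    expected = users.get(user, "")
    # compare_digest does not stop at the first differing byte (timing safety)
    same = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    return (200, {}) if same and user in users else (401, challenge)

if __name__ == "__main__":
    header = make_header("Paul", "123456")
    print(header, parse_basic_header(header), authenticate({"Authorization": header}, USERS))
```

Because `parse_basic_header` recovers the password from the header alone, the only protection for credentials in transit is the SSL/TLS channel the article mentions.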

IV. Basic authentication with Python urllib2:

1. Implemented by adding an HTTP header:

        import urllib2
        from base64 import b64encode

        url = 'http://XXX.XXX.X.XX'
        user = 'a'
        passwd = 'aa'

        req = urllib2.Request(url)
        # b64encode emits no line breaks; encodestring wraps long output and appends '\n'
        basestr = b64encode('%s:%s' % (user, passwd))
        req.add_header('Authorization', 'Basic %s' % basestr)
        f = urllib2.urlopen(req)

2. Implemented through a handler:

        import urllib2

        url = 'http://XXX.XXX.X.XX'
        user = 'A'
        passwd = 'A'

        hdlr = urllib2.HTTPBasicAuthHandler()
        hdlr.add_password('hello', url, user, passwd)  # add realm
        opener = urllib2.build_opener(hdlr)
        urllib2.install_opener(opener)
        f = urllib2.urlopen(url)

For more general use, the HTTPPasswordMgrWithDefaultRealm password manager can be used instead:

        import urllib2

        url = 'http://XXX.XXX.X.XX'
        user = 'A'
        passwd = 'A'

        psmg = urllib2.HTTPPasswordMgrWithDefaultRealm()
        psmg.add_password(None, url, user, passwd)  # None matches any realm
        hdlr = urllib2.HTTPBasicAuthHandler(psmg)
        opener = urllib2.build_opener(hdlr)
        urllib2.install_opener(opener)
        f = urllib2.urlopen(url)
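The handler approach run end to end, as an added example that is not part of the original article: it uses Python 3's `urllib.request` (the successor to `urllib2`) against a loopback test server and records the 401 challenge followed by the authenticated retry. The server class, the `fetch_with_handler` name and the response bodies are assumptions made for illustration.

```python
import base64
import hmac
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWD, REALM = "a", "aa", "hello"   # placeholder values for the demo
EXPECTED = b"Basic " + base64.b64encode(("%s:%s" % (USER, PASSWD)).encode())

class Handler(BaseHTTPRequestHandler):
    seen = []  # (status sent, request carried an Authorization header)

    def do_GET(self):
        got = self.headers.get("Authorization", "").encode("latin-1", "replace")
        ok = hmac.compare_digest(got, EXPECTED)
        Handler.seen.append((200 if ok else 401, bool(got)))
        self.send_response(200 if ok else 401)
        if not ok:  # challenge, as in step 2 of the process
            self.send_header("WWW-Authenticate", 'Basic realm="%s"' % REALM)
        body = b"secret page" if ok else b"login required"
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch_with_handler():
    """Fetch one page through HTTPBasicAuthHandler; return (body, request log)."""
    Handler.seen = []
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/index.html" % server.server_port
    try:
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, url, USER, PASSWD)   # None = any realm
        opener = urllib.request.build_opener(
            urllib.request.ProxyHandler({}),        # ignore proxy environment variables
            urllib.request.HTTPBasicAuthHandler(mgr))
        with opener.open(url, timeout=5) as resp:
            body = resp.read()
    finally:
        server.shutdown()
        server.server_close()
    return body, list(Handler.seen)

if __name__ == "__main__":
    print(fetch_with_handler())
```

The log shows the handler sending credentials only after the server's 401 challenge, whereas the add-header method attaches them to the first request unprompted.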

 
