HTTP Basic Authorization

Source: Internet
Author: User

In HTTP, basic authorization is a form of login authentication that allows a Web browser or other client program to provide credentials in the form of a user name and password when requested.

Before sending, the user name is followed by a colon and then the password, and the resulting string is encoded with the Base64 algorithm. For example, if the user name is Aladdin and the password is open sesame, the concatenated string is Aladdin:open sesame, which Base64-encodes to QWxhZGRpbjpvcGVuIHNlc2FtZQ==. The Base64-encoded string is what is sent, and the recipient decodes it back into the user name and password separated by a colon.

Although a Base64-encoded user name and password is difficult to decode with the naked eye, a computer decodes it just as easily as it encodes it. The purpose of the encoding step is not security or privacy, but to convert characters in the user name and password that are incompatible with HTTP into a character set that is compatible with it.

------Wikipedia

A typical dialog between an HTTP client and an HTTP server running on the same computer (localhost) consists of the following steps:

    • The client requests a page that requires authentication, but does not provide a user name and password. This usually happens when the user enters a URL in the address bar or opens a link to that page.
    • The server responds with a 401 response code and provides an authentication realm.
    • After receiving the response, the client displays the authentication realm (usually a description of the computer or system being accessed) to the user and prompts for a user name and password. At this point the user can choose to confirm or cancel.
    • After the user has entered the user name and password, the client software adds the authentication header (whose value is Base64Encode(username + ":" + password)) to the original request and sends it again.
    • In this example, the server accepts the authentication and returns the page. If the user credentials are illegal or invalid, the server may return a 401 response code again, and the client can prompt the user for a password again.

An HTTP request that contains Basic authentication:

    GET /private/index.html HTTP/1.0
    Host: localhost
    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
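The server's side of this exchange, as an added example that is not part of the original article (written for Python 3; the user table and realm name are constructed). It decodes the header, splits on the first colon only, and answers 401 with a challenge whenever credentials are missing, malformed or wrong:

```python
import base64
import hmac

# Constructed credential store for the demo; a real server would hold
# salted password hashes rather than plaintext passwords.
USERS = {"Aladdin": "open sesame"}
REALM = "Secure Area"  # constructed realm name


def parse_basic_header(value):
    """Return (username, password) from an Authorization value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":      # scheme names are case-insensitive
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:                 # bad Base64, bad padding or bad UTF-8
        return None
    # Split on the FIRST colon only: the password may itself contain colons.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def check_request(headers):
    """Return (status, response_headers) for a dict of request headers."""
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge          # no usable credentials: send challenge
    user, password = creds
    expected = USERS.get(user)
    # Constant-time comparison; unknown users are compared against an empty
    # string so both paths perform a comparison.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    if expected is None or not ok:
        return 401, challenge          # wrong credentials: challenge again
    return 200, {}
```

Because anyone who sees the header can run the same decode step, the header is only as private as the connection that carries it.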

Base64

Python's base64 module encodes and decodes binary data as text using Base64, Base32, or Base16 encoding.

The user name in the example above is "Aladdin" and the password is "open sesame":

    >>> import base64
    >>> print base64.b64encode('Aladdin:open sesame')
    QWxhZGRpbjpvcGVuIHNlc2FtZQ==
    >>> print base64.b64decode('QWxhZGRpbjpvcGVuIHNlc2FtZQ==')
    Aladdin:open sesame

urllib2

The Python standard library uses urllib2 to process Basic authentication. The urllib2.HTTPBasicAuthHandler() handler uses add_password() to set up authentication.

    h.add_password(realm, uri, user, passwd)

Realm is the name or description information associated with authentication, depending on the remote server. The URI is the base URL. User and passwd specify a username and password, respectively.

    import urllib2

    # Register the credentials for the realm and base URL, then build an
    # opener that answers the server's 401 challenge with them.
    auth = urllib2.HTTPBasicAuthHandler()
    auth.add_password('Administrator', 'http://www.example.com', 'Dave', '123456')
    opener = urllib2.build_opener(auth)
    u = opener.open('http://www.example.com/evilplan.html')

How the urllib2 source code builds the Base64-encoded header value:

    raw = "%s:%s" % (user, pw)
    auth = 'Basic %s' % base64.b64encode(raw).strip()

Requests

There is also a very common requests library, which handles Basic authentication:

    import requests
    requests.get('https://api.github.com/user', auth=requests.auth.HTTPBasicAuth('user', 'pass'))

Because HTTP Basic Auth is so common, you can also pass the credentials directly as a tuple:

    >>> requests.get('https://api.github.com/user', auth=('user', 'pass'))
    <Response [200]>

Or use requests.Session() to keep the credentials across requests:

    s = requests.Session()
    s.auth = ('user', 'pass')
    s.get('http://httpbin.org/')

How the requests source code builds the Base64-encoded header value:

    def _basic_auth_str(username, password):
        """Returns a Basic Auth string."""
        # Encode "user:password" as Latin-1 bytes, Base64 it, and prefix the scheme.
        return 'Basic ' + base64.b64encode(('%s:%s' % (username, password)).encode('latin1')).strip().decode('latin1')

  
