HTTP protocol Basic Authentication authorization

The HTTP protocol is stateless and can be identified by a cookie between the browser and the Web server. How are desktop applications (such as the Sina Desktop client, SkyDrive client) and the Web server identified?

what is HTTP Basic authentication

Desktop applications also interact with the Web server via the HTTP protocol, and desktop applications generally do not use cookies, but instead place the "username + colon + password" in the header of the HTTP request with a BASE64 encoded string Authorization sent to the server, this way is called HTTP Basic authentication (Basic authentication).

the process of basic certification of TTP

The first step: The client sends an HTTP request to the server.

Step two: Because the request does not contain the authorization header, the server returns a 401 unauthozied to the client and adds information to the response header "Www-authenticate".

The third step: the client to the user name and password with BASE64 encoding, placed in the authorization header sent to the server, authentication success.

The fourth step: the server will authorization the header of the user name password out, to verify, if the authentication passes, according to the request, will send resources to the client.

Note: The HTTP protocol is stateless and requires authentication for each request from the same client to the server

HTTP Basic authentication and HTTPS

The "User name + colon + password" with BASE64 encoded string although the naked eye can not be seen, but the program is easy to decrypt. So HTTP request on the network, if the use of HTTP transmission is very insecure. Generally will be used HTTPS transmission, HTTPS is encrypted, so it is more secure.

OAuth for HTTP, the authorization header is not the user name password, but a token.

HTTP protocol Basic Authentication authorization