HTTP Basic authentication involves two header fields. One is the request field Authorization:
    Authorization: Basic xxx
The other is the response field WWW-Authenticate:
    WWW-Authenticate: Basic realm="xxx"
1. When the browser tries to access a resource that requires authentication, it first sends the request in the normal form, without credentials;
2. The server returns an HTTP/1.1 401 Unauthorized response that carries the WWW-Authenticate field. The response may carry an entity body, but browsers generally do not render it;
    HTTP/1.1 401 Unauthorized
    Server: nginx/1.9.9
    Date: Sat, 2018 05:32:18 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.0.1
    WWW-Authenticate: Basic realm="Git Server"
3. After the browser receives this response, it pops up a login box asking the user to enter the account name and password;
4. After the user enters the account name and password and confirms, the browser sends the request again, this time with the Authorization field. The field carries the account name and password the user just entered, joined in the form user:password and then Base64-encoded;
    GET http://www.test1.com/test_19.php HTTP/1.1
    Host: www.test1.com
    Connection: keep-alive
    Cache-Control: max-age=0
    Authorization: Basic d2fuzzoxmjm0nty=
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
5. The server receives the request and checks whether the submitted credentials are correct. If they are correct, the response carries the requested entity; if they are incorrect, the flow returns to step 2;
Workflow for Basic authentication [HTTP]
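The server side of steps 2 and 5 and the client side of step 4, as an added Python example that is not part of the original page. The user store, the credentials and the function names are constructed for illustration; the realm is the one from the 401 response above, and header lookup is simplified to an exact-case dictionary key.

```python
import base64
import hmac

REALM = "Git Server"  # realm taken from the 401 response shown on the page
# Constructed credential store for this example (assumption, not from the page).
# The password contains colons on purpose to exercise the parsing edge case.
USERS = {"alice": "s3cret:with:colon"}


def parse_basic(header_value):
    """Return (user, password) from an Authorization value, or None if malformed."""
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad Base64 (binascii.Error) and bad UTF-8
        return None
    # Split on the FIRST colon only: the password may itself contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def handle_request(headers):
    """Steps 2 and 5: answer 401 with a challenge until valid credentials arrive."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        # Constant-time comparison, also performed for unknown users.
        ok = hmac.compare_digest(password.encode(), (expected or "").encode())
        if ok and expected is not None:
            return 200, {}, "protected resource"
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}, ""


def client_header(user, password):
    """Step 4: the header a browser builds after the password prompt."""
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}
```

Base64 is an encoding, not encryption: anyone who can read the request recovers the password with a single decode, so this flow should only run over TLS.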