Basic access authentication: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 17:03, 18 February 2025 edit 38.50.130.52 (talk) →Features Tag: Reverted ← Previous edit		Latest revision as of 20:05, 24 August 2025 edit undo 83.135.9.17 (talk) →Protocol: improved style Tags: Mobile edit Mobile app edit Android app edit App section source
(8 intermediate revisions by 6 users not shown)
Line 7: == Features == HTTP Basic authentication (BA) implementation is the simplest technique for enforcing [[access controls]] to web resources because it does not require [[HTTP cookie\|cookies]], session identifiers, or login pages; rather, HTTP Basic authentication uses standard fields in the [[HTTP header]]. ~~qwsadafsfdasfafa~~ == Security == Line 14: Because the BA field has to be sent in the header of each HTTP request, the web browser needs to [[Cache (computing)\|cache]] credentials for a reasonable period of time to avoid constantly prompting the user for their username and password. Caching policy differs between browsers. HTTP does not provide a method for a web server to instruct the client to "log out" the user. However, there are a number of methods to clear cached credentials in certain web browsers. One of them is redirecting the user to a URL on the same ___domain, using credentials that are intentionally incorrect. However, this behavior is inconsistent between various browsers and browser versions.<ref name=":0">{{cite web \| url=https://stackoverflow.com/questions/31326/is-there-a-browser-equivalent-to-ies-clearauthenticationcache \| title=Is there a browser equivalent to IE's ClearAuthenticationCache? \| publisher=StackOverflow \| access-date=March 15, 2013}}</ref>{{Better source needed\|reason=The current source is user-generated and is insufficiently reliable ([[WP:NOTRS]]).\|date=March 2025}} [[Internet Explorer\|Microsoft Internet Explorer]] offers a dedicated JavaScript method to clear cached credentials:<ref>{{cite web \| url=https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/hh801226(v=vs.85)#idmclearauthenticationcache \| title=<code>IDM_CLEARAUTHENTICATIONCACHE</code> command identifier \| publisher=Microsoft \| access-date=March 15, 2013}}</ref> <syntaxhighlight lang="html"> Line 58: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== </code> <syntaxhighlight lang="python"> 'Basic ' + base64.b64encode(f"{<clientid>}:{<client secret key>}".encode()).decode() </syntaxhighlight> == See also ==