Basic access authentication: Difference between revisions

External links: oh this does pass through. wonder what happened last time
Tags: Mobile edit Mobile web edit Advanced mobile edit
geez I must just be blind
Tags: Mobile edit Mobile web edit Advanced mobile edit
Line 26:
 
=== Server side ===
When the server wants the user agent to authenticate itself towards the server after receiving an unauthenticated request, it must send a response with a ''HTTP 401 Unauthorized'' status line<ref>{{cite IETF|rfc= 1945 |section =11|title=Access Authentication||publisher=IETF|access-date=3 February 2017|page=46|date=May 1996 |publisher = [[Internet Engineering Task Force]]}}</ref> and a ''WWW-Authenticate'' header field.<ref>{{cite IETF|rfc=1945|section=10.16|title=Hypertext Transfer Protocol -- HTTP/1.0|last1=Fielding|first1=Roy T.|last2=Berners-Lee|first2=Tim|first3=Frystyk|last3=Henrik|author-link1=Roy Fielding|author-link2=Tim Berners-Lee|publisher = Internet Engineering Task Force}}</ref>
 
The ''WWW-Authenticate'' header field for basic authentication is constructed as following:
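Review bot: The first citation in the Server side paragraph passes publisher twice ("publisher=IETF" and "publisher = [[Internet Engineering Task Force]]") and leaves an empty parameter ("||") after the title. Drop "publisher=IETF" and the stray pipe so the template carries a single publisher value. In the second citation, "first3=Frystyk|last3=Henrik" looks swapped relative to the first1/last1 and first2/last2 pairs, since Henrik is the given name. In the last line of the hunk, "constructed as following" should read "constructed as follows", matching the wording used for the Authorization header field further down.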
Line 45:
When the user agent wants to send authentication credentials to the server, it may use the ''Authorization'' header field.
 
The ''Authorization'' header field is constructed as follows:<ref name="RFC7617">{{cite IETF|rfc=7617|section=2.1|title=The 'Basic' HTTP Authentication Scheme|first=Julian|last=Reschke|publisher = Internet Engineering Task Force}}</ref>
 
# The username and password are combined with a single colon ({{code|:}}). This means that the username itself cannot contain a colon.