Basic Authentication

Tram Ho


Hi everyone, it's been a long time since I released a new article. Partly because I was too busy, partly due to laziness, and partly because I had no ideas for articles. This time I am systematizing all my knowledge from basic to advanced, so this will be my series on Authentication. The first part is, as the title says: BASIC AUTHENTICATION


  • Authentication: a process of presenting your login information to the system, which then verifies that information. This information tells the system who you are and allows the system to guarantee and confirm user identities. Here the system could be anything: a computer, a phone, a bank or any physical office facility.

Basic authentication

  • Simply put, it is a method to authenticate users when they access resources via HTTP(S)
  • Login information is included with each request
  • The request carries an additional header: Authorization: Basic <Base64 encode {username:password}>

2. How it works

Step 1

The user accesses a URL that is protected by Basic Authentication

Step 2

The server checks whether the request has an Authorization header and whether the username and password are valid.

  • If valid, it returns status 200 and allows access

  • If not, it returns status 401 Unauthorized

  • Note: When the server returns the response to the client, it includes the string www-authenticate: Basic realm="MyApp"

Step 3

  • The browser recognizes www-authenticate in the response header, then displays a dialog box asking for the login information (usually the dialog box appears on the top right of the page)

Step 4

  • The user submits the login information. The browser encodes it using Base64, then includes it in the request's header. The login information is in the form Authorization: Basic <Base64 encode {username:password}>

Step 5

  • Return to step 2.
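The exchange in steps 1 to 5, written out as an added example that is not code from the original article: the client builds the Authorization header, and the server either accepts it with 200 or answers 401 with the www-authenticate challenge. The user table, the function names and the sample credentials are assumptions made for the illustration.

```python
import base64
import binascii
import hmac

REALM = "MyApp"                 # realm value used in the article
# Constructed sample account (assumption). Plaintext only to keep the
# example short; a real server stores password hashes.
USERS = {"alice": "s3cret:pw"}


def build_authorization(username: str, password: str) -> str:
    """Client side (step 4): Base64-encode 'username:password'."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_authorization(value: str):
    """Return (username, password), or None if the header is malformed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def handle_request(headers: dict):
    """Server side (step 2): return (status, response_headers)."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_authorization(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge          # steps 2 and 3: ask the browser to prompt
    username, password = creds
    expected = USERS.get(username)
    # Constant-time comparison, also performed for unknown users.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    if expected is None or not ok:
        return 401, challenge
    return 200, {}


if __name__ == "__main__":
    print(handle_request({}))          # first visit, no header yet
    print(handle_request({"Authorization": build_authorization("alice", "s3cret:pw")}))
```

Because the header is rebuilt from the same username and password on every request, the server repeats this check each time.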

3. Related concepts and notes

  • Realm: a group of websites that share the same login information. The browser can cache valid logins for a realm so they can be used again in the future. (Of course, the browser will not do this automatically, but will ask whether you agree to it.)

  • "MyApp": the value of the realm. It can be any text, because the server is responsible for defining realms and handling user authentication.
  • Basic Authentication is not considered secure when it is not used in conjunction with TLS / HTTPS (I will have an article on this later). The reason is simple: anyone can retrieve and decode your credentials, because Base64 is a simple encoding, not encryption, and there are many decoders on the internet right now.

4. Conclusion

  • Basic Authentication is the most basic authentication method, and one you should know.
  • Although it is basic, some websites still use this method to authenticate users today.

Thank you for reading the article to the end. I look forward to your suggestions so I can do better in the next article. Regards!


Source : Viblo