basic HTTP authentication on subsequent requests
The image below depicts basic HTTP authentication. The client requests /family resource and it is asked to identify itself. It does and now it can access the /family. The client then also asks for /family/photos/kids resource which is in the family realm.
The client already identified itself for /family resource, but not also for /family/photos/kids. They are in the same realm, but the server doesn't know that the same client issued a request. Or does it? How does the server know that this particular client is also allowed to access /family/photos/kids on subsequent request? Is the password and username send on every request after the user has authenticated? Is the client asked for via pop-up for every request he/she makes? Are cookies set upon first authentication?
Basic authentication requires a header sent by client. No cookies or server session
When the client requests a resource, sends the Authorization header
GET /family
Authorization: Basic token
Where token is base64(username: password). Username followed by ':' and password encoded in base 64
If you are requesting a protected resourced from your browser for example a GET request, and you do not provide the header, the browser shows the autenticathion form and remember it for subsequent requests in the same domain
- What is the exact difference between content-type: text/json and application/json?
- API call returns HTML instead of JSON
- Cross Domain Form POSTing
- How to use spring's MockMultipartHttpServletRequest? Getting "no multipart boundary was found"
- Simple command-line http server for Single Page App
- Why did HTTP/2 introduce HPACK instead of compressing headers using gzip or something standard?
- Why do I get "The response ended prematurely" when using the HttpClient?
- How do you add query parameters to a Dart http request?
- When making an HTTP request, should I wait for the job to finish or make the job send another HTTP request back to me?
- How to solve SocketException: Failed host lookup: 'www.xyz.com' (OS Error: No address associated with hostname, errno = 7)
- Why is the initial connection time for a HTTP request so long?
- Why to use websocket and what is the advantage of using it?
- Why and how HTTP responses' status code matter?
- Python3 ThreadingHTTPServer fails to send chunked encoded response
- Real life usage of the X-Forwarded-Host header?
- What could cause "connect ETIMEDOUT" error when the URL is working in browser?
- SocketException: Connection failed (OS Error: Operation not permitted, errno = 1) with flutter app on macOS
- AWS Ec2- need to create VPC and Subnets before Ec2 instance?
- How is the missing path attribute of a cookie computed or handled in a Single Page Application?
- How to tell why a cookie is not being sent?
- urlencode an array of values
- Redirect HTTP to HTTPS on default virtual host without ServerName
- HTTP Status Code for Resource not yet available
- How can I test my Express app without running a live server?
- http.request body forwarding breaks request
- Why is my javascript bundle so slow to download?
- Does Jemeter supports HTTP streaming responses?
- HTTP requests not working on aws ec2
- Downloading a file from the command line using Python
- Is it ok to create entity in GET REST controller method with name getOrCreateIfNotExist?