c# asp.net-web-api basic-authentication

WebAPI: How basic authentication can work without the word basic


I was reading a write-up with a code example which showed how to implement basic authentication with an API. The article link is https://www.infoworld.com/article/2990800/application-architecture/implement-http-authentication-in-web-api.html

See their client-side code, from where they are sending credentials to the server.

public void BasicAuthenticationTest()
{
    string username = Convert.ToBase64String(Encoding.UTF8.GetBytes("joydip"));
    string password = Convert.ToBase64String(Encoding.UTF8.GetBytes("joydip123"));
    HttpClient client = new HttpClient();
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", username + ":" + password);
    var result = client.GetAsync(new Uri("http://localhost/IDG/api/default/")).Result;
    Assert.IsTrue(result.IsSuccessStatusCode);
}

Especially see this line: client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", username + ":" + password);

There is no word "Basic" after the word Authorization... so how does it work?

Rather, the signature should look like Authorization: Basic anNtaXRoOlBvcGNvcm4=

So please, someone give me some knowledge about it.

Last question: can we return a token from the server side in the case of basic auth? If possible, share some knowledge on how to return a token in the case of basic auth.

Thanks


Solution

  • An API is free to implement authorization in any way it wants. The scheme "Basic" is used by IIS on Windows to confirm a user account is correct but an API can use any scheme, or none.

    There is nothing special about "Basic" other than it is a common convention. As long as the parameter value of the Authorization header is what is expected by the API it should work.
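
An added example in C# (not code from the post or from the linked article): it builds the RFC 7617 `Basic` header next to the header that the question's client code produces, and shows a server-side check that accepts only the standard form. The class and method names are hypothetical; the credentials are the sample values from the question.

```csharp
using System;
using System.Net.Http.Headers;
using System.Text;

static class BasicAuthHeaderDemo
{
    // RFC 7617 form: scheme "Basic", parameter = base64(user ":" password).
    public static AuthenticationHeaderValue BuildBasic(string user, string password) =>
        new AuthenticationHeaderValue("Basic",
            Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + password)));

    // Form sent by the client code in the question: scheme "Authorization",
    // parameter = base64(user) ":" base64(password). Only a server written for it accepts it.
    public static AuthenticationHeaderValue BuildQuestionStyle(string user, string password) =>
        new AuthenticationHeaderValue("Authorization",
            Convert.ToBase64String(Encoding.UTF8.GetBytes(user)) + ":" +
            Convert.ToBase64String(Encoding.UTF8.GetBytes(password)));

    // Server-side check that accepts only the standard Basic form.
    public static bool TryReadBasic(AuthenticationHeaderValue h, out string user, out string password)
    {
        user = password = null;
        if (h == null || !string.Equals(h.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)) return false;
        if (string.IsNullOrEmpty(h.Parameter)) return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(h.Parameter); }
        catch (FormatException) { return false; }
        string decoded = Encoding.UTF8.GetString(raw);
        int colon = decoded.IndexOf(':');   // split on the first colon; the password may contain ':'
        if (colon < 0) return false;
        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1);
        return true;
    }

    static void Main()
    {
        var standard = BuildBasic("joydip", "joydip123");
        var custom = BuildQuestionStyle("joydip", "joydip123");
        Console.WriteLine("Authorization: " + standard);   // header line as sent on the wire
        Console.WriteLine("Authorization: " + custom);
        Console.WriteLine(TryReadBasic(standard, out var u, out _) + " " + u);
        Console.WriteLine(TryReadBasic(custom, out _, out _));
    }
}
```

In a Web API handler or filter, the value passed to `TryReadBasic` would be `request.Headers.Authorization`, which the framework has already parsed into scheme and parameter.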