How authentication works between web server and browser
admin

This is from apache.org

When a particular resource has been protected using basic authentication, Apache sends a 401 Authentication Required header with the response to the request, in order to notify the client that user credentials must be supplied in order for the resource to be returned as requested.

Upon receiving a 401 response header, the client’s browser, if it supports basic authentication, will ask the user to supply a username and password to be sent to the server. If you are using a graphical browser, such as Netscape or Internet Explorer, what you will see is a box which pops up and gives you a place to type in your username and password, to be sent back to the server. If the username is in the approved list, and if the password supplied is correct, the resource will be returned to the client.

Because the HTTP protocol is stateless, each request will be treated in the same way, even though they are from the same client. That is, every resource which is requested from the server will have to supply authentication credentials over again in order to receive the resource.

Fortunately, the browser takes care of the details here, so that you only have to type in your username and password one time per browser session - that is, you might have to type it in again the next time you open up your browser and visit the same web site.

Along with the 401 response, certain other information will be passed back to the client. In particular, it sends a name which is associated with the protected area of the web site. This is called the realm, or just the authentication name. The client browser caches the username and password that you supplied, and stores it along with the authentication realm, so that if other resources are requested from the same realm, the same username and password can be returned to authenticate that request without requiring the user to type them in again. This caching is usually just for the current browser session, but some browsers allow you to store them permanently, so that you never have to type in your password again.

The authentication name, or realm, will appear in the pop-up box, in order to identify what the username and password are being requested for.


Thanks & Regards
------------------
~CM~


07-25-2007 03:13 AM