WWW-Authenticate and Base64 authentication technology

WWW-Authenticate (HTTP Basic authentication) is a simple user authentication technique.
Many systems use this method, especially in the embedded field.
Advantages: convenience.
Disadvantages: the user name and password are transmitted encoded with Base64, which is an encoding, not encryption, and decoding it is trivial. If the traffic is sniffed, the password is effectively exposed in clear text.


After the server receives a request, it first checks whether the request carries a header of this form:
Authorization: Basic XXXX=
If no such header is present, the server sends the header WWW-Authenticate: Basic realm="" to the browser,
asking it to send a valid user name and password. To tell the browser that this page requires authentication, the server also sends a 401 status:
Header("HTTP/1.0 401 Unauthorized");


After the user enters the user name admin and the password admin, the browser sends the data to the server in the following format: Authorization: Basic YWRtaW46YWRtaW4=
Authorization: Basic is the standard HTTP header for this authentication scheme.
YWRtaW46YWRtaW4= is the user name and password encoded with Base64.
Decoded, it reads admin:admin


At this point PHP exposes the decoded values through global variables:
$_SERVER['PHP_AUTH_USER'];
$_SERVER['PHP_AUTH_PW'];


Routers commonly do this:

if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
    // No credentials yet: challenge the browser and stop processing the page
    header('WWW-Authenticate: Basic realm="USER LOGIN"');
    header('HTTP/1.0 401 Unauthorized');
    exit;
} else {
    // Credentials arrived; a real handler would verify them rather than echo them
    echo htmlspecialchars($_SERVER['PHP_AUTH_USER']);
    echo htmlspecialchars($_SERVER['PHP_AUTH_PW']);
}


--------------------------------------

http://tool.chinaz.com/Tools/Base64.aspx


For example, java http request authentication:

Base64 encoding: Z3Vlc3Q6Z3Vlc3Q=

which represents guest:guest

import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

// Inside a method that returns the response body (LOGGER is the class logger)
HttpClient httpClient = HttpClients.createDefault();
HttpGet httpGet = new HttpGet("http://192.168.1.10:55672/api/queues");
// Credentials guest:guest, Base64-encoded (not encrypted)
httpGet.setHeader("Authorization", "Basic Z3Vlc3Q6Z3Vlc3Q=");
try {
    HttpResponse httpResponse = httpClient.execute(httpGet);
    String res = EntityUtils.toString(httpResponse.getEntity());
    return res;
} catch (Exception e) {
    LOGGER.warn("http client fail", e);
    return null;
}
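Added example (not code from the original post): a Python model of both sides of the exchange, the client-side encoding that the Java snippet hard-codes and the server-side parse that PHP performs before filling PHP_AUTH_USER and PHP_AUTH_PW, plus a credential check. Function names are my own; the parser splits on the first colon only, since passwords may legally contain colons.

```python
import base64
import binascii
import hmac


def build_basic_header(username: str, password: str) -> str:
    """Build the Authorization header value a client sends (RFC 7617)."""
    if ":" in username:
        raise ValueError("user-id must not contain a colon")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def challenge_headers(realm: str) -> tuple[int, dict]:
    """Status and header a server sends when no usable credentials arrived."""
    return 401, {"WWW-Authenticate": f'Basic realm="{realm}", charset="UTF-8"'}


def parse_basic_header(header_value):
    """Return (user, password) from an Authorization header, or None.

    This is the work the server does before PHP exposes PHP_AUTH_USER and
    PHP_AUTH_PW: check the scheme, Base64-decode, split on the FIRST colon.
    """
    if header_value is None:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: treat as "no credentials"
    user, sep, password = raw.partition(":")
    if not sep:
        return None  # Base64 decoded, but no user:password structure
    return user, password


def check_credentials(header_value, expected_user: str, expected_pw: str) -> bool:
    """Verify a request's credentials against the expected pair."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return False
    user, password = creds
    # Compare in constant time and without short-circuiting, so response
    # timing does not reveal which part matched.
    ok_user = hmac.compare_digest(user.encode("utf-8"), expected_user.encode("utf-8"))
    ok_pw = hmac.compare_digest(password.encode("utf-8"), expected_pw.encode("utf-8"))
    return bool(ok_user & ok_pw)
```

Note that parse_basic_header is also all an observer on an unencrypted connection needs to recover the password, which is why Basic authentication should only be used over TLS.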

Origin http://43.154.161.224:23101/article/api/json?id=324138792&siteId=291194637