HTTP Authorization

An Authorization project was deployed today. Because the client id and password of the auth server had been changed but the front-end request header had not, a pop-up box kept asking for the user name and password at login and rejected whatever was entered, so the front-end code had to be changed. Changing it is enough. The following is reference material.

POST /goform/ser2netconfigAT HTTP/1.1
Host: 192.168.16.254
Connection: keep-alive
Authorization: Basic YWRtaW46YWRtaW4=
Content-Length: 23

uart=9600,8,n,1&save=1

Author's note: the Authorization value is "Basic " followed by the base64-encoded "username:password" string, which an online codec tool can decode.

A brief description of the HTTP auth process:

The client sends an HTTP request, and the server finds that HTTP auth is configured, so it checks whether the request contains an "Authorization" HTTP header. Typical data for the header is "Authorization: Basic jdhaHY0=", where Basic stands for basic authentication and jdhaHY0= is the base64-encoded "user:passwd" string. If the header is missing, or the user name or password is incorrect, the server returns an HTTP 401 page to the client.
After a standard HTTP browser receives the 401 page, it should pop up a dialog box for the user to enter the account and password; when the user clicks to confirm, the request is sent again, this time with the Authorization header.

A typical access scenario is:
The browser sends an HTTP request (with no Authorization header).
The server returns a 401 page.
The browser pops up an authentication dialog box.
The user enters the account and password, and clicks to confirm.
The browser sends the HTTP request again (with the Authorization header).
The browser displays the page.

When HTTP auth is used, cookies are not used, which means the account and password are sent with every request. And as we all know, base64 encoding is basically equal to plaintext. This weakens security.
Because of these shortcomings, HTTP auth is not used much now. It is still found in routers and similar devices, however, because it is the simplest option and costs almost nothing to use.
HTTP auth is a neat option when you need access control and don't want to drag in SSO, databases, etc.
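The challenge/response flow described above, as an added Python example that is not code from the original article: the server side parses the Authorization header, answers 401 when it is missing or wrong, and the header from the sample request is decoded to show that base64 hides nothing. The realm name, the function names, and the expected credentials passed to `handle` are assumptions made for illustration.

```python
import base64
import binascii
import hmac

REALM = "device"  # constructed realm name, not from the article

def make_header(user, password):
    """Client side: build the Authorization value the browser sends."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_basic(value):
    """Server side: return (user, password), or None if absent or malformed."""
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None

def handle(headers, expected_user, expected_password):
    """Return (status, response_headers) for one request."""
    creds = parse_basic(headers.get("Authorization"))
    ok = False
    if creds is not None:
        # Compare both fields in constant time and without short-circuiting.
        user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
        pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
        ok = user_ok and pass_ok
    if not ok:
        # The 401 plus WWW-Authenticate is what makes the browser show its dialog.
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    return 200, {}

if __name__ == "__main__":
    print(parse_basic("Basic YWRtaW46YWRtaW4="))  # header from the request above
    print(handle({}, "admin", "admin"))
    print(handle({"Authorization": make_header("admin", "old")}, "admin", "admin"))
    print(handle({"Authorization": make_header("admin", "admin")}, "admin", "admin"))
```

The third call is the situation from the opening paragraph: a client still sending a stale credential gets 401 on every attempt, so the login dialog keeps reappearing until the header is updated.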

http://blog.csdn.net/libaineu2004/article/details/38384487
