
Basic Authentication

Basic Authentication. Herng-Yow Chen. Explains HTTP authentication and delves into its most common form, basic authentication. The next lecture explains a more powerful technique called digest authentication.


Presentation Transcript


  1. Basic Authentication Herng-Yow Chen

  2. Outline: Explains HTTP authentication. Delves into the most common form of HTTP authentication, basic authentication. The next lecture explains a more powerful technique called digest authentication.

  3. Authentication: Authentication means showing proof of your identity, that is, proof that you are who you claim to be. HTTP provides a native challenge/response framework that makes it easy to authenticate users.

  4. Simplified challenge/response authentication
     (1) Request (client to server): "Please give me the internal sales forecast."
     (2) Challenge (server to client): "You requested a secret financial document. Please tell me your username and password." (The client asks the user for a password.)
     (3) Authorization (client to server): "Please give me the internal sales forecast. Here is my username and password: ******"
     (4) Success (server to client): "OK. You have access rights. Here is the document."

  5. Authentication protocols and headers: the four phases of authentication are request, challenge, authorization and success. If the secret credentials don't match, the server can challenge the client again or generate an error.

  6. Basic authentication example
     (a) client to server:
         GET /family/jeff.jpg HTTP/1.0
     (b) server to client:
         HTTP/1.0 401 Unauthorized
         WWW-Authenticate: Basic realm="Family"
     (c) client to server:
         GET /family/jeff.jpg HTTP/1.0
         Authorization: Basic Ydre3lkL56H7gdffvh
     (d) server to client:
         HTTP/1.0 200 OK
         Content-Type: image/jpeg
         <image data>
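The exchange in slides 4 to 6, as an added Python example written for this page (it is not code from the lecture): a minimal server that issues the Basic challenge and validates the Authorization header, and the client steps that answer it. The user store, realm, path and credentials are constructed for the example.

```python
import base64
import hmac
from typing import Dict, Optional, Tuple

# Constructed for this example: the server's credential store and realm.
USERS: Dict[str, str] = {"brian-totty": "Ow!"}
REALM = "Family"


def make_challenge(realm: str) -> Dict[str, object]:
    """Server side, phase 2: a 401 response carrying the Basic challenge."""
    return {"status": 401, "headers": {"WWW-Authenticate": f'Basic realm="{realm}"'}}


def parse_challenge(header: str) -> str:
    """Client side: extract the realm from a 'WWW-Authenticate: Basic realm="..."' header."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError(f"unsupported authentication scheme: {scheme}")
    for param in params.split(","):
        key, _, value = param.strip().partition("=")
        if key.strip().lower() == "realm":
            return value.strip().strip('"')
    raise ValueError("Basic challenge without a realm")


def make_authorization(username: str, password: str) -> str:
    """Client side, phase 3: pack 'user:pass' and base64-encode it."""
    if ":" in username:
        # The first colon separates user from password, so a colon in the
        # username would end up being parsed as part of the password.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def check_authorization(header: Optional[str]) -> Optional[str]:
    """Server side: return the authenticated username, or None if the header is absent or bad."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Compare in constant time, and run the comparison even for unknown users
    # so that response timing does not reveal which usernames exist.
    expected = USERS.get(username, "")
    ok = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    return username if ok and username in USERS else None


def handle_request(headers: Dict[str, str]) -> Dict[str, object]:
    """Server side: challenge when credentials are missing or wrong, serve when they match."""
    user = check_authorization(headers.get("Authorization"))
    if user is None:
        return make_challenge(REALM)
    return {"status": 200, "headers": {"Content-Type": "image/jpeg"}, "user": user}


def run_exchange(username: str, password: str) -> Tuple[int, str, int]:
    """Drive the four phases: request, challenge, authorization, then success or a repeat challenge."""
    first = handle_request({})                                        # phase 1: no credentials
    realm = parse_challenge(first["headers"]["WWW-Authenticate"])     # phase 2: challenge
    retry = {"Authorization": make_authorization(username, password)}  # phase 3: authorization
    second = handle_request(retry)                                    # phase 4: 200 or another 401
    return first["status"], realm, second["status"]


if __name__ == "__main__":
    print(run_exchange("brian-totty", "Ow!"))   # (401, 'Family', 200)
    print(run_exchange("brian-totty", "nope"))  # (401, 'Family', 401)
```

Note that the server answers a wrong password with exactly the same 401 challenge as a missing one, which is the "challenge the client again" branch of slide 5.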

  7. Security realms in a web server
     /
     |-- family/                 (Family realm)
     |   |-- jeff.jpg
     |   `-- brian.jpg
     `-- corporate/
         |-- index.html
         |-- press/
         |   |-- pr1.html
         |   `-- pr2.html
         `-- financials/         (Corporate financials realm)
             `-- sales-forecast.xls

  8. Basic authentication headers
     Challenge (server to client): WWW-Authenticate: Basic realm=<quoted realm>
     Response (client to server): Authorization: Basic <base-64 encoded username:password>

  9. Base-64 username/password encoding
     (a) Prompt for username and password: username brian-totty, password Ow!
     (b) Pack username and password with a colon: brian-totty:Ow!
     (c) Base-64 encode: BASE64ENC("brian-totty:Ow!") = YnJpYW4tdG90dHk6T3ch
     (d) Send authorization (client to server):
         GET /family/jeff.jpg HTTP/1.0
         Authorization: Basic YnJpYW4tdG90dHk6T3ch

  10. Base-64 encoding: takes a sequence of 8-bit bytes and segments the bit stream into 6-bit chunks. The base-64 alphabet has 64 characters: A-Z, a-z, 0-9, + and /. A 65th character, =, is used for padding when the input length is not a multiple of three bytes. http://www.freesoft.org/CIE/RFC/2065/56.htm http://tw2.php.net/base64_encode
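The 6-bit chunking described above, as an added Python example written for this page (not the lecture's code, and deliberately not the standard library's base64 module): an encoder and decoder that follow the description literally, including the = padding for inputs whose length is not a multiple of three. The inputs used are constructed; the first is the slide's own "brian-totty:Ow!".

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
PAD = "="


def b64encode(data: bytes) -> str:
    """Encode bytes as base-64: every 3 bytes (24 bits) become 4 characters of 6 bits each."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = len(chunk)                                   # 1, 2 or 3 real bytes
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")  # zero-fill the short last group
        sextets = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        # n bytes carry 8n bits, which fill n+1 sextets; the rest become '=' padding.
        chars = [ALPHABET[s] for s in sextets[:n + 1]]
        out.append("".join(chars) + PAD * (3 - n))
    return "".join(out)


def b64decode(text: str) -> bytes:
    """Decode strict base-64: length must be a multiple of 4, padding only at the end."""
    if len(text) % 4:
        raise ValueError("base-64 input length must be a multiple of 4")
    lookup = {c: i for i, c in enumerate(ALPHABET)}
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count(PAD)
        if pad > 2 or (pad and not quad.endswith(PAD * pad)):
            raise ValueError(f"bad padding in {quad!r}")
        bits = 0
        for c in quad[:4 - pad]:
            if c not in lookup:
                raise ValueError(f"character {c!r} is not in the base-64 alphabet")
            bits = (bits << 6) | lookup[c]
        bits <<= 6 * pad                                 # restore the 24-bit group width
        out += bits.to_bytes(3, "big")[:3 - pad]         # drop the bytes that were only padding
    return bytes(out)


if __name__ == "__main__":
    for sample in (b"brian-totty:Ow!", b"Ow", b"O"):
        enc = b64encode(sample)
        print(sample, "->", enc, "->", b64decode(enc))
```

The decoder rejects input rather than silently tolerating it: a Basic credential that arrives with a stray character or padding in the middle is malformed, and an authentication check should treat it as a failed attempt, not guess at what was meant.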

  11. Proxy authentication: Authentication can also be done by intermediary proxy servers. Some organizations use proxy servers to authenticate users before letting them access servers, LANs and wireless networks. Proxy servers can be a convenient way to provide unified access control across an organization's resources, because access policies can be centrally administered on the proxy server. The first step in this process is to establish the user's identity via proxy authentication.

  12. Web server versus proxy authentication
     Web server: status 401 Unauthorized, challenge in WWW-Authenticate, credentials in Authorization.
     Proxy: status 407 Proxy Authentication Required, challenge in Proxy-Authenticate, credentials in Proxy-Authorization.

  13. The security flaws of basic authentication: Base-64 encoding merely obscures the username and password; it does not encrypt them. Anyone who can read the Authorization header, on the wire or in a proxy or server log, can decode the credentials, and a captured header can be replayed as-is. Basic authentication should therefore only be used over an encrypted transport such as TLS.
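Slides 11 to 13 together, as an added Python example written for this page (not the lecture's code): the same Basic credential format answered to either a web server or a proxy, differing only in the status code and header pair, followed by what an eavesdropper recovers from one captured request. The proxy user, server user, hostname and the captured request itself are constructed for the example.

```python
import base64
from typing import Dict, List, Tuple

# An origin server and a proxy challenge with different status codes and header
# names; the Basic credential format the client sends back is identical.
ROLES: Dict[str, Dict[str, object]] = {
    "server": {"status": 401, "challenge": "WWW-Authenticate", "credentials": "Authorization"},
    "proxy": {"status": 407, "challenge": "Proxy-Authenticate", "credentials": "Proxy-Authorization"},
}


def challenge(role: str, realm: str) -> Tuple[int, str, str]:
    """Status code, header name and header value a server or proxy sends to ask for credentials."""
    r = ROLES[role]
    return r["status"], r["challenge"], f'Basic realm="{realm}"'


def credentials(role: str, username: str, password: str) -> Tuple[str, str]:
    """Header name and value the client sends back to whichever party challenged it."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return ROLES[role]["credentials"], f"Basic {token}"


def build_request(absolute_url: str, creds: List[Tuple[str, str]]) -> bytes:
    """A proxied HTTP/1.0 request (absolute URL in the request line) carrying the given headers."""
    lines = [f"GET {absolute_url} HTTP/1.0", "Host: www.example.com"]
    lines += [f"{name}: {value}" for name, value in creds]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def recover_credentials(raw_request: bytes) -> List[Tuple[str, str, str]]:
    """What anyone who can read the request gets: base-64 is reversible, so every
    Basic header yields (header name, username, cleartext password)."""
    found = []
    header_block = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in header_block.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() != b"basic":
            continue
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
        user, _, password = decoded.partition(":")
        found.append((name.strip().decode("ascii").lower(), user, password))
    return found


# Constructed capture: one request that passed through an authenticating proxy on
# its way to a protected origin server, so it carries both credential headers.
CAPTURED_REQUEST = build_request(
    "http://www.example.com/family/jeff.jpg",
    [credentials("proxy", "alice", "s3cret"), credentials("server", "brian-totty", "Ow!")],
)


if __name__ == "__main__":
    print(challenge("server", "Family"))
    print(challenge("proxy", "Corporate"))
    for header, user, password in recover_credentials(CAPTURED_REQUEST):
        print(f"{header}: user={user!r} password={password!r}")
```

Without TLS both passwords are readable by every hop between the client and the origin, and the proxy itself sees the origin server's credentials in the clear even when the proxy is trusted only for its own realm.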

  14. For more information
     http://www.ietf.org/rfc/rfc2617.txt "HTTP Authentication: Basic and Digest Access Authentication"
     http://www.ietf.org/rfc/rfc2616.txt "Hypertext Transfer Protocol -- HTTP/1.1"
