Basic Authentication - PowerPoint PPT Presentation

Provided by: Mali6
1
Basic Authentication
  • Herng-Yow Chen

2
Outline
  • Explains HTTP authentication.
  • Delves into the most common form of HTTP
    authentication, basic authentication.
  • The next lecture explains a more powerful
    technique called digest authentication.

3
Authentication
  • Authentication means showing some proof of your
    identity, that is, proof that you are who you
    claim to be.
  • HTTP provides a native challenge/response
    framework to make it easy to authenticate users.

4
Simplified challenge/response Authentication
  (1) Request        client -> server, over the Internet:
      "Please give me the internal sales forecast."
  (2) Challenge      server -> client:
      "You requested a secret financial document. Please
      tell me your username and password."
      (client asks the user for the password)
  (3) Authorization  client -> server:
      "Please give me the internal sales forecast. Here
      is my username and password."
  (4) Success        server -> client:
      "OK. You have access rights. Here is the document."
5
Authentication Protocols and Headers
Four phases of authentication: request, challenge,
authorization, success.
If the secret credentials don't match, the server
can challenge the client again or generate an
error.
6
Basic authentication example
  (a) client -> server:
      GET /family/jeff.jpg HTTP/1.0
  (b) server -> client:
      HTTP/1.0 401 Authorization Required
      WWW-Authenticate: Basic realm="Family"
  (c) client -> server:
      GET /family/jeff.jpg HTTP/1.0
      Authorization: Basic Ydre3lkL56H7gdffvh
  (d) server -> client:
      HTTP/1.0 200 OK
      Content-type: image/jpeg
      <image data included>
7
Security realms in a web server
  (Figure: the server's document tree, with resources
  grouped into realms.)
  Paths shown: /, Index.html, corporate/, press/
  (pr1.html, pr2.html), financials/ (Sales-forecast.xls)
  Realms labelled: "Family realm" and
  "Corporate financials realm"
8
Basic authentication headers
9
Base-64 Username/Password Encoding
  (a) Prompt for username and password
      username: brian-totty
      password: Ow!
  (b) Pack username and password with a colon
      brian-totty:Ow!
  (c) Base-64 encode
      BASE64ENC("brian-totty:Ow!") = YnJpYW4tdG90Hk6T3ch
  (d) Send authorization (client -> server)
      GET /family/jeff.jpg HTTP/1.0
      Authorization: Basic YnJpYW4tdG90Hk6T3ch
10
Base-64 Encoding
  • Takes a sequence of 8-bit bytes and segments the
    bit streams into 6-bit chunks.
  • Base-64 alphabet
  • 64 characters: A-Z, a-z, 0-9, +, /
  • A 65th character, =, is used for padding
  • http://www.freesoft.org/CIE/RFC/2065/56.htm
  • http://tw2.php.net/base64_encode

11
Proxy authentication
  • Authentication can also be done by intermediary
    proxy servers.
  • Some organizations use a proxy server to
    authenticate users before letting them access
    servers, LANs, and wireless networks.
  • Proxy servers can be a convenient way to provide
    unified access control across an organization's
    resources, because access policies can be
    centrally administered on the proxy server.
  • The first step in this process is to establish
    the user's identity via proxy authentication.

12
Web server versus proxy authentication
13
The security flaws of basic authentication
  • Base-64 encoding merely obscures the username and
    password; it does not encrypt them in any secure
    form.
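As an added example (not part of the slides), the procedure of slides 9 and 10 in Python: a Base-64 encoder that regroups 8-bit bytes into 6-bit chunks, the Basic header built from the slide's sample credentials, and the reverse step that makes slide 13's point concrete, since the header decodes straight back to the password. It assumes the credentials brian-totty / Ow! from slide 9 (whose transcript renders the token with two characters missing).

```python
import base64

# The 64-character alphabet from slide 10; "=" is the 65th, used for padding.
B64_ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789+/"
)


def base64_encode(data: bytes) -> str:
    """Hand-rolled Base-64: each 3 bytes (24 bits) become four 6-bit chunks."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = int.from_bytes(chunk.ljust(3, b"\x00"), "big")   # 24-bit group
        sextets = [(n >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        keep = len(chunk) + 1            # 1 byte -> 2 chars, 2 -> 3, 3 -> 4
        out.append("".join(B64_ALPHABET[s] for s in sextets[:keep]))
        out.append("=" * (4 - keep))     # pad the group to four characters
    return "".join(out)


def basic_authorization_header(username: str, password: str) -> str:
    """Slide 9, steps (b)-(d): pack 'username:password', then Base-64 encode."""
    if ":" in username:
        raise ValueError("RFC 2617 does not allow ':' in the user-id")
    packed = f"{username}:{password}".encode("latin-1")
    return "Basic " + base64_encode(packed)


def recover_credentials(header_value: str) -> tuple:
    """Slide 13: the encoding is reversible, so anyone who reads the
    request header (e.g. on an unencrypted link) gets the password back."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    packed = base64.b64decode(token, validate=True).decode("latin-1")
    user, _, pw = packed.partition(":")
    return user, pw


if __name__ == "__main__":
    hdr = basic_authorization_header("brian-totty", "Ow!")
    print("Authorization:", hdr)
    print("recovered:", recover_credentials(hdr))
```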

14
For More Information
  • http://www.ietf.org/rfc/rfc2617.txt
    HTTP Authentication: Basic and Digest Access
    Authentication
  • http://www.ietf.org/rfc/rfc2616.txt
    Hypertext Transfer Protocol -- HTTP/1.1