“HTTP Auth”的意思、由来-中文百科全书

1. Basic Access Authentication

the credentials are passed as plaintext and could be intercepted easily.

To prevent the user name and password being read directly by a person, they are encoded as a sequence of base-64 characters before transmission.

example:

Client request (no authentication):

GET /private/index.html HTTP/1.0

Host: localhost

Server response:

HTTP/1.0 401 Unauthorised

Server: SokEvo/1.0

Date: Sat, 27 Nov 2004 10:18:15 GMT

WWW-Authenticate: Basic realm="SokEvo“

Content-Type: text/html

Content-Length: xxx

<HTML>

<HEAD>

<TITLE>Error</TITLE>　　　　

</HEAD>

<BODY><H1>401 Unauthorised.</H1></BODY>

</HTML>

Client request (user name "Aladdin", password "open sesame"):

GET /private/index.html HTTP/1.0

Host: localhost

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Server response:

HTTP/1.0 200 OK

Server: SokEvo/1.0

Date: Sat, 27 Nov 2004 10:19:07 GMT

Content-Type: text/html

Content-Length: 10476

2. Digest Access Authentication

user identity to be established securely without having to send a password in plaintext over the network. Digest authentication is basically an application of MD5 cryptographic hashing with usage of nonce values to prevent cryptanalysis.

example:

Client request (no authentication):

GET /dir/index.html HTTP/1.0

Host: localhost

Server response:

HTTP/1.0 401 Unauthorised

Server: SokEvo/0.9

Date: Sun, 10 Apr 2005 20:26:47 GMT

WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41“

Content-Type: text/html

Content-Length: xxx

<HTML>

<HEAD>

<TITLE>Error</TITLE>

</HEAD>

<BODY><H1>401 Unauthorised.</H1></BODY>

</HTML>

Client request (user name "Mufasa", password "Circle Of Life"):

GET /dir/index.html HTTP/1.0

Host: localhost

Authorization: Digest username="Mufasa",

realm="testrealm@host.com",

nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",

uri="/dir/index.html",

qop=auth,

nc=00000001,

cnonce="0a4f113b",

response="6629fae49393a05397450978507c4ef1",

opaque="5ccc069c403ebaf9f0171e9517f40e41"

Server response:

HTTP/1.0 200 OK

Server: SokEvo/0.9

Date: Sun, 10 Apr 2005 20:27:03 GMT

Content-Type: text/html

Content-Length: 7984

词条	HTTP Auth
释义	1. Basic Access Authentication the credentials are passed as plaintext and could be intercepted easily. To prevent the user name and password being read directly by a person, they are encoded as a sequence of base-64 characters before transmission. example: Client request (no authentication): GET /private/index.html HTTP/1.0 Host: localhost Server response: HTTP/1.0 401 Unauthorised Server: SokEvo/1.0 Date: Sat, 27 Nov 2004 10:18:15 GMT WWW-Authenticate: Basic realm="SokEvo“ Content-Type: text/html Content-Length: xxx <HTML> <HEAD> <TITLE>Error</TITLE>　　　　 </HEAD> <BODY><H1>401 Unauthorised.</H1></BODY> </HTML> Client request (user name "Aladdin", password "open sesame"): GET /private/index.html HTTP/1.0 Host: localhost Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== Server response: HTTP/1.0 200 OK Server: SokEvo/1.0 Date: Sat, 27 Nov 2004 10:19:07 GMT Content-Type: text/html Content-Length: 10476 2. Digest Access Authentication user identity to be established securely without having to send a password in plaintext over the network. Digest authentication is basically an application of MD5 cryptographic hashing with usage of nonce values to prevent cryptanalysis. example: Client request (no authentication): GET /dir/index.html HTTP/1.0 Host: localhost Server response: HTTP/1.0 401 Unauthorised Server: SokEvo/0.9 Date: Sun, 10 Apr 2005 20:26:47 GMT WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41“ Content-Type: text/html Content-Length: xxx <HTML> <HEAD> <TITLE>Error</TITLE> </HEAD> <BODY><H1>401 Unauthorised.</H1></BODY> </HTML> Client request (user name "Mufasa", password "Circle Of Life"): GET /dir/index.html HTTP/1.0 Host: localhost Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" Server response: HTTP/1.0 200 OK Server: SokEvo/0.9 Date: Sun, 10 Apr 2005 20:27:03 GMT Content-Type: text/html Content-Length: 7984
随便看	桥本爱桥本爱实桥本病桥本博且桥本策桥本昌二桥本淳桥本纺桥本关雪桥本和桥本虎之助桥本晃司桥本晃一桥本甲状腺炎桥本健二桥本江莉果桥本经子桥本丽香桥本凉桥本良亮桥本龙太郎桥本隆则桥本美步桥本式甲状腺炎桥本氏