Download ppt - CS

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
Document related concepts

Cascading Style Sheets wikipedia , lookup

URL redirection wikipedia , lookup

Transcript 
The Basic Authentication
Scheme of HTTP
Access Restriction
• Sometimes, we want to restrict access to certain
Web pages to certain users
• A user is identified by a name and a password
• Several mechanisms are used for controlling the
access to pages on the Web
• A basic mechanism, provided by HTTP, is called
“Basic Authentication Scheme”
Basic Authentication Scheme
• For each URL that the server wishes to restrict, a list of
authorized users is maintained
• Using HTTP headers, the server declares that a the
requested page is restricted (authentication is required)
• The client passes the name and password within a
HTTP header
• The decision on which pages are restricted and to which
users is implemented by the server (not a part of HTTP)
Basic Authentication Scheme (cont)
• The user's name and password need to be sent with each
request for a protected resource
• When the server gets a request for a protected resource,
it checks whether that request has the HTTP header
Authorization: Basic username:password
• username:password undergoes some non-secure
encoding to allow for special characters
• If the name and password are accepted by the server
(i.e., are those of a user that has the privilege to get the
page), then the requested page is returned
HTTP Basic Mechanism
• If the request does not have the authorization header or
the name and password are not accepted, then the server
replies with 401 (unauthorized)
• A 401 response can have the header
WWW-Authenticate: Basic realm="realm-name"
• That is, "in order to get this resource, you will have to
authenticate using the basic method"
- Tell the user to supply authentication for pages in
realm-name
Declarative Security: BASIC
Realm A
/a/A.html
/a/B.jsp
OK + Content
GET E.xsl
Realm B
/b/C.css
/b/D.xml
E.xsl
F.xml
Declarative Security: BASIC
Realm A
/a/A.html
/a/B.jsp
401 + Basic realm="A"
GET /a/B.jsp
Realm B
/b/C.css
/b/D.xml
E.xsl
F.xml
Declarative Security: BASIC
Realm A
/a/A.html
/a/B.jsp
OK + Content
GET /a/B.jsp + user:pass
Realm B
/b/C.css
/b/D.xml
E.xsl
F.xml
Declarative Security: BASIC
Realm A
/a/A.html
/a/B.jsp
OK + Content
GET /a/A.html + user:pass
Realm B
/b/C.css
/b/D.xml
E.xsl
F.xml
Browser Cooperation
• Throughout the session, the browser stores the
username and password and automatically sends
the authorization header in either one of the
following cases:
- The requested resource is under the directory of the
originally authenticated resource
- The browser received 401 from the Web server and
the WWW-Authenticate header has the same realm as
the previous protected resource
Related documents
September 8 & 9 - Cloudfront.net
September 8 & 9 - Cloudfront.net
GEOG 210
GEOG 210
IMMEDIATELY AVAILABLE JOB
IMMEDIATELY AVAILABLE JOB
reflections on services marketing
reflections on services marketing
3.02B Authoring Languages
3.02B Authoring Languages
Types of Decision Problem and Applications of Decision Support
Types of Decision Problem and Applications of Decision Support
Insert practice name
Insert practice name
World Wide Web Conference
World Wide Web Conference
Patient Online: Records Access Information Leaflet
Patient Online: Records Access Information Leaflet
Samsara - HigherRMPS
Samsara - HigherRMPS
Human Area Network
Human Area Network
Microsoft .NET
Microsoft .NET
Chapter 16
Chapter 16
Association for Institutional Research
Association for Institutional Research
original - Kansas State University
original - Kansas State University
Cultural Space Theory
Cultural Space Theory