HTTP Auth

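HTTP Auth is a basic connection authentication mechanism. It communicates through an HTTP service using POST, and both the input and the output consist of a single parameter.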

1. Basic Access Authentication

The credentials are passed as plaintext and could be intercepted easily.

To prevent the user name and password being read directly by a person, they are encoded as a sequence of base-64 characters before transmission.

Example:

Client (browser) request (no authentication):

GET /private/index.html HTTP/1.0

Request method (GET), followed by the URL of the requested file

Host: localhost

Host address: the IP address

Server response:

HTTP/1.0 401 Unauthorised

Protocol version, status code, status text (not authorised)

Server: SokEvo/1.0

Server: the server's identifier

Date: Sat, 27 Nov 2004 10:18:15 GMT

Time

WWW-Authenticate: Basic realm="SokEvo"

WWW authentication: Basic scheme and its realm

Content-Type: text/html

Content type: HTML text

Content-Length: xxx

Content length

The body follows, an HTML document:

<HTML>

<HEAD>

<TITLE>Error</TITLE>

</HEAD>

<BODY><H1>401 Unauthorised.</H1></BODY>

</HTML>

Client request (user name "Aladdin", password "open sesame"):

GET /private/index.html HTTP/1.0

Host: localhost

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Authentication code (the base-64 encoded credentials)

Server response:

HTTP/1.0 200 OK

Server: SokEvo/1.0

Date: Sat, 27 Nov 2004 10:19:07 GMT

Content-Type: text/html

Content-Length: 10476

2. Digest Access Authentication

Digest access authentication allows user identity to be established securely without having to send a password in plaintext over the network. Digest authentication is basically an application of MD5 cryptographic hashing with usage of nonce values to prevent cryptanalysis.

Example:

Client request (no authentication):

GET /dir/index.html HTTP/1.0

Host: localhost

Server response:

HTTP/1.0 401 Unauthorised

Server: SokEvo/0.9

Date: Sun, 10 Apr 2005 20:26:47 GMT

WWW-Authenticate: Digest realm="[email protected]", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"

Authentication based on MD5 hashing

Content-Type: text/html

Content-Length: xxx

<HTML>

<HEAD>

<TITLE>Error</TITLE>

</HEAD>

<BODY><H1>401 Unauthorised.</H1></BODY>

</HTML>

Client request (user name "Mufasa", password "Circle Of Life"):

GET /dir/index.html HTTP/1.0

Host: localhost

Authorization: Digest username="Mufasa",

Authorization, Digest scheme, user name

[email protected],

Realm

nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",

Nonce (random number)

uri="/dir/index.html",

Requested path

qop=auth,

nc=00000001,

cnonce="0a4f113b",

response="6629fae49393a05397450978507c4ef1",

Response

opaque="5ccc069c403ebaf9f0171e9517f40e41"

Server response:

HTTP/1.0 200 OK

Server: SokEvo/0.9

Date: Sun, 10 Apr 2005 20:27:03 GMT

Content-Type: text/html

Content-Length: 7984
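
The two schemes side by side, as an added example that is not part of the original page: the Basic header above decodes back to the user name and password without any key, while the Digest response is an MD5 value bound to the server's nonce. The realm `testrealm@host.com` is an assumption taken from the RFC 2617 example that these messages match, because the page shows the realm only in obscured form; the function names are hypothetical.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    """Hex MD5 of a string, as used by Digest authentication."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def decode_basic(header_value):
    """Recover (user, password) from a Basic Authorization header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between user name and password")
    return user, password


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Compute the Digest 'response' field for qop=auth."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # secret part, never sent
    ha2 = md5_hex(f"{method}:{uri}")              # request part
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(received, expected):
    """Server-side check; constant-time comparison avoids timing leaks."""
    return hmac.compare_digest(received, expected)


# Values copied from the messages on this page.
BASIC_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
PAGE_RESPONSE = "6629fae49393a05397450978507c4ef1"
# Assumption: realm from the RFC 2617 example (obscured on the page).
ASSUMED_REALM = "testrealm@host.com"


def page_digest(nonce=NONCE):
    """Response for the page's Mufasa request under a given server nonce."""
    return digest_response("Mufasa", ASSUMED_REALM, "Circle Of Life",
                           "GET", "/dir/index.html", nonce, "00000001", "0a4f113b")


if __name__ == "__main__":
    print("Basic decodes to:", decode_basic(BASIC_HEADER))
    print("Digest matches page:", server_accepts(page_digest(), PAGE_RESPONSE))
    print("Same response under a new nonce:", server_accepts(page_digest("0" * 32), PAGE_RESPONSE))
```

A captured Basic header therefore exposes the password itself, whereas a captured Digest response stops verifying once the server issues a different nonce.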
