Authorization - HTTP 编辑

The HTTP Authorization request header contains the credentials to authenticate a user agent with a server, usually, but not necessarily, after the server has responded with a 401 Unauthorized status and the WWW-Authenticate header.

Syntax

Authorization: <type> <credentials>

Directives

<type>

Authentication type. A common type is "Basic". Other types:

• IANA registry of Authentication schemes
• Authentification for AWS servers (AWS4-HMAC-SHA256)

<credentials>

If the "Basic" authentication scheme is used, the credentials are constructed like this:

• The username and the password are combined with a colon (aladdin:opensesame).
• The resulting string is base64 encoded (YWxhZGRpbjpvcGVuc2VzYW1l).

Note: Base64 encoding does not mean encryption or hashing! This method is equally secure as sending the credentials in clear text (base64 is a reversible encoding). Prefer to use HTTPS in conjunction with Basic Authentication.

Examples

Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

See also HTTP authentication for examples on how to configure Apache or nginx servers to password protect your site with HTTP basic authentication.

Specifications

See also

• HTTP authentication
• WWW-Authenticate
• Proxy-Authorization
• Proxy-Authenticate
• 401, 403, 407