HTTP Basic Authentication - what s the expected web browser experience

Question

When a server allows access via Basic HTTP Authentication  what is the experience expected to be in a web browser   Ignoring the web browser for a moment  here s how to create a Basic Auth request with curl   curl -u myusername mypassword http   somesite com   But what about in a Web Browser  What I ve seen on some websites  is I visit the URL  and then the server returns response code 401  The browser then displays a username password prompt   However  on somesite com  I m not getting an authorization prompt at all  just a page that says I m not authorized  Did somesite not implement the Basic Auth workflow correctly  or is there something else I need to do

User · Answer

If there are no credentials provided in the request headers  the following is the minimum response required for IE to prompt the user for credentials and resubmit the request   Response Clear    Response StatusCode    Int32 HttpStatusCode Unauthorized  Response AddHeader  WWW-Authenticate    Basic

User · Answer

WWW-Authenticate header  You may also get this if the server is sending a 401 response code but not setting the WWW-Authenticate header correctly - I should know  I ve just fixed that in out own code because VB apps weren t popping up the authentication prompt

User · Answer

Have you tried     curl somesite com --user username password

User · Answer

You can use Postman a plugin for chrome  It gives the ability to choose the authentication type you need for each of the requests  In that menu you can configure user and password  Postman will automatically translate the config to a authentication header that will be sent with your request

User · Answer

You might have old invalid username password cached in your browser   Try clearing them and check again   If you are using IE and somesite com is in your Intranet security zone  IE may be sending your windows credentials automatically

User · Answer

To help everyone avoid confusion  I will reformulate the question in two parts   First    how can make an authenticated HTTP request with a browser  using BASIC auth     In the browser you can do a http basic auth first by waiting the prompt to come  or by editing the URL if you follow this format  http   myusername mypassword somesite com  NB  the curl command mentionned in the question is perfectly fine  if you have a command-line and curl installed      References    https   en wikipedia org wiki Basic access authentication URL encoding https   en wikipedia org wiki Uniform Resource Locator Syntax https   tools ietf org html rfc3986 page-18   Also according to the CURL manual page https   curl haxx se docs manual html  HTTP    Curl also supports user and password in HTTP URLs  thus you can pick a file   like         curl http   name passwd machine domain full path to file    or specify user and password separately like in        curl -u name passwd http   machine domain full path to file    HTTP offers many different methods of authentication and curl supports   several  Basic  Digest  NTLM and Negotiate  SPNEGO   Without telling which   method to use  curl defaults to Basic  You can also ask curl to pick the   most secure ones out of the ones that the server accepts for the given URL    by using --anyauth     NOTE  According to the URL specification  HTTP URLs can not contain a user   and password  so that style will not work when using curl via a proxy  even   though curl allows it at other times  When using a proxy  you  must  use   the -u style for user and password    The second and real question is  However  on somesite com  I m not getting an authorization prompt at all  just a page that says I m not authorized  Did somesite not implement the Basic Auth workflow correctly  or is there something else I need to do    The curl documentation says the -u option supports many method of authentication  Basic being the default

[basic-authentication] HTTP Basic Authentication - what's the expected web browser experience?

Examples related to basic-authentication