Basic Authentication
Introduction
Basic authentication works by including credentials in each request sent to the service.
This is done by setting the "Authorization" header as follows:
Authorization: Basic X
The header value consists of two, space separated parts:
- The authentication method, in this case "Basic"
- The user credentials (X) in the format "username:password" as base-64 encoded text
If this header is set, the service checks whether that combination of username and password is configured in the HAKOM user store (a.k.a. the HAKOM ACL).
Example
Assuming the following user:
- Username: Max
- Password: Mustermann123
In order to use this user when accessing the service, each request should contain the following header:
Authorization: Basic TWF4Ok11c3Rlcm1hbm4xMjM=
The string used in the example, "TWF4Ok11c3Rlcm1hbm4xMjM=", is simply "Max:Mustermann123" in base64 encoding. Base64 is an encoding, not encryption: anyone who sees the header value can decode it and read the username and password directly. The header value should therefore be treated as a secret and not be stored or logged anywhere.
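The following added example (not code from the HAKOM product or its documentation) shows both sides of the scheme described above: a client building the "Authorization" header from a username and password, and a service parsing that header, decoding the base64 part and checking the credentials against a user store. The dictionary USER_STORE is a constructed stand-in for the HAKOM ACL, which is an assumption made for illustration; the real store is not a plain dictionary, and a real service would keep password hashes rather than plaintext passwords.

```python
import base64
import binascii
import hmac

# Constructed stand-in for the HAKOM user store (ACL). Assumption for this
# example only: a real store would hold password hashes, not plaintext.
USER_STORE = {"Max": "Mustermann123"}


def build_basic_header(username: str, password: str) -> str:
    """Client side: return the value for the Authorization header.

    The credentials are joined as "username:password" and base64 encoded.
    The username must not contain ':' because the first ':' separates the
    two parts; the password may contain ':' (only the first one is a separator).
    """
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_header(value: str):
    """Service side: parse "Basic <base64>" into (username, password).

    Returns None for anything malformed: wrong scheme, invalid base64,
    non-UTF-8 bytes or a payload without the ':' separator.
    """
    parts = value.split(" ", 1)
    # The scheme name is case-insensitive per HTTP authentication rules.
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None
    try:
        raw = base64.b64decode(parts[1].strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        decoded = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    if ":" not in decoded:
        return None
    username, password = decoded.split(":", 1)
    return username, password


def authenticate(header_value, store=USER_STORE) -> bool:
    """Return True only if the header carries a username/password pair
    that is configured in the store."""
    if header_value is None:
        return False
    creds = parse_basic_header(header_value)
    if creds is None:
        return False
    username, password = creds
    expected = store.get(username)
    if expected is None:
        return False
    # Constant-time comparison so the check does not leak how many leading
    # characters of the password were correct.
    return hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    header = build_basic_header("Max", "Mustermann123")
    print(header)                      # Basic TWF4Ok11c3Rlcm1hbm4xMjM=
    print(parse_basic_header(header))  # ('Max', 'Mustermann123')
    print(authenticate(header))        # True
```

Running the block reproduces the header value from the example above, which also shows how trivially the base64 part decodes back to the plaintext credentials.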
Notes Regarding Security
Because the credentials are sent in every request and are only base64 encoded, not encrypted, an attacker who can observe the network traffic can decode and reuse them directly. For this reason, Basic authentication should only be used
- over HTTPS (TLS, formerly SSL), so that the requests, and with them the credentials, cannot be read or intercepted in transit, or
- in sandboxed development/testing environments where security is not a concern.