HTTP Basic Authentication provides a straightforward mechanism for authentication. Credentials are sent in plain text, so it is insecure by default. Successful authentication proceeds as follows.
The client requests a page for which access is restricted:
The server responds with status code 401 Unauthorized and requests the client to authenticate:
401 Unauthorized
WWW-Authenticate: Basic realm="Secret Page"
The client sends the Authorization header. The credentials are username:password base64 encoded:
GET /secret
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
The server accepts the credentials and responds with the page content:
HTTP/1.1 200 OK
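The server side of this exchange, as an added example that is not part of the original page: it decodes the Authorization header, compares the credentials in constant time, and otherwise returns the 401 challenge. The names parse_basic, handle, REALM and EXPECTED are hypothetical, and the expected credentials are constructed sample values.

```python
import base64
import hmac

REALM = "Secret Page"                  # realm shown in the 401 response above
EXPECTED = ("username", "password")    # constructed sample credentials


def parse_basic(header):
    """Return (username, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: anyone who sees the
        # header can recover the credentials exactly as this line does.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, non-ASCII input and bad UTF-8
        return None
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def handle(path, headers):
    """Return (status, response_headers) for a request to a restricted page."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is not None:
        # Evaluate both comparisons in constant time before combining them,
        # so response timing does not reveal which field was wrong.
        user_ok = hmac.compare_digest(creds[0].encode(), EXPECTED[0].encode())
        pass_ok = hmac.compare_digest(creds[1].encode(), EXPECTED[1].encode())
        if user_ok and pass_ok:
            return "200 OK", {}
    # Missing, malformed or wrong credentials all get the same challenge.
    return "401 Unauthorized", {"WWW-Authenticate": f'Basic realm="{REALM}"'}


if __name__ == "__main__":
    print(handle("/secret", {}))
    print(handle("/secret", {"Authorization": "Basic dXNlcm5hbWU6cGFzc3dvcmQ="}))
```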