In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where <credentials> is the Base64 encoding of ID and password joined by a single colon :.
It was originally implemented by Ari Luotonen at CERN in 1993 and defined in the HTTP 1.0 specification in 1996.
It is specified in from 2015, which obsoletes from 1999.
Features
HTTP Basic authentication (BA) implementation is the simplest technique for enforcing access controls to web resources because it does not require cookies, session identifiers, or login pages; rather, HTTP Basic authentication uses standard fields in the HTTP header.
Security
The BA mechanism does not provide confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit and not encrypted or hashed in any way. Therefore, basic authentication is typically used in conjunction with HTTPS to provide confidentiality.
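The header format described in the introduction and the point that Base64 is only an encoding, as an added Python example (not part of the original page): it builds the field, then recovers the ID and password from it without any key. The function names and the choice of UTF-8 for the credential text are assumptions of this example.

```python
import base64


def build_basic_header(user_id: str, password: str) -> str:
    """Return the Authorization field value for Basic authentication."""
    if ":" in user_id:
        # The first colon separates ID from password, so the ID cannot hold one.
        raise ValueError("user-id must not contain a colon")
    raw = f"{user_id}:{password}".encode("utf-8")  # UTF-8 is an assumption
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value: str) -> tuple[str, str]:
    """Recover (user_id, password) from an Authorization field value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed Basic credentials") from exc
    # Split on the FIRST colon only: the password may itself contain colons.
    user_id, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing colon between ID and password")
    return user_id, password


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    header = build_basic_header("alice", "s3cr3t:with:colons")
    print("Authorization:", header)
    # Anyone who can read the header can do this; no secret is needed.
    print("Recovered:", parse_basic_header(header))
```

Because decoding needs nothing beyond the header itself, any log, proxy or packet capture that records this field holds the password in recoverable form.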
Because the BA field has to be sent in the