Basic/Digest Authentication

Advanced API Security

Abstract

HTTP Basic Authentication and Digest Authentication are two authentication schemes used to protect resources on the Web. Both rely on username and password credentials. When you try to log in to a web site and the browser itself pops up a dialog asking for a username and password, the site is most probably protected with HTTP Basic or Digest authentication. Having the browser challenge the user this way is one of the quick and dirty ways of protecting a web site. Very few web sites on the Internet today use HTTP Basic or Digest authentication; instead they use form-based login or their own custom authentication schemes. Some, however, still use HTTP Basic or Digest authentication to secure direct API-level access to resources on the Web. Neither scheme is a substitute for transport security: Basic sends the password merely base64-encoded on every request, so it must only be used over TLS, and Digest avoids sending the password in the clear but still relies on MD5 and on the server keeping a recoverable form of the password.
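The challenge/response exchange the abstract describes, worked through for both schemes as an added example (this is not code from the chapter or from the book's own samples). The credential store `USERS`, the realm `api.example.com`, the path `/v1/orders` and all function names are assumptions made for the example. The server side answers an unauthenticated request with a 401 and a `WWW-Authenticate` challenge; the client builds the `Authorization` value; the server then verifies it. For Digest the server recomputes the RFC 2617 `qop=auth` response from the stored password and consumes the nonce, so a captured header cannot be replayed.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed credential store and realm for this example (not from the chapter).
USERS = {"alice": "s3cret"}
REALM = "api.example.com"


def basic_authorization(username, password):
    """Client side: build the Authorization value for HTTP Basic (RFC 7617)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def verify_basic(header_value):
    """Server side: decode a Basic credential. Returns the username, or None."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")  # the password may itself contain ':'
    expected = USERS.get(username)
    if not sep or expected is None:
        return None
    # Constant-time comparison so a wrong guess cannot be timed character by character.
    return username if hmac.compare_digest(expected.encode(), password.encode()) else None


def _h(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_challenge(realm=REALM):
    """Server side: WWW-Authenticate value sent with the 401; returns (header, nonce)."""
    nonce = secrets.token_hex(16)
    return f'Digest realm="{realm}", qop="auth", nonce="{nonce}", algorithm=MD5', nonce


def digest_response(username, password, realm, method, uri, nonce, cnonce, nc="00000001"):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _h(f"{username}:{realm}:{password}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_authorization(username, password, realm, method, uri, nonce, cnonce, nc="00000001"):
    """Client side: Authorization value answering a Digest challenge."""
    response = digest_response(username, password, realm, method, uri, nonce, cnonce, nc)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}", algorithm=MD5')


def parse_auth_params(header_value):
    """Split 'Scheme k=v, k="v", ...' into (scheme, {k: v}); enough for the values built here."""
    scheme, _, rest = header_value.partition(" ")
    params = {}
    for part in rest.split(","):
        key, sep, value = part.strip().partition("=")
        if sep:
            params[key.strip()] = value.strip().strip('"')
    return scheme, params


def verify_digest(header_value, method, issued_nonces, realm=REALM):
    """Server side: recompute the response from the stored password and compare.

    issued_nonces holds the nonces this server handed out and has not yet seen used;
    a nonce is consumed on success, so replaying the same Authorization header fails.
    """
    scheme, p = parse_auth_params(header_value)
    if scheme.lower() != "digest":
        return None
    try:
        username, nonce, uri, cnonce, nc, response = (
            p[k] for k in ("username", "nonce", "uri", "cnonce", "nc", "response"))
    except KeyError:
        return None
    if p.get("realm") != realm or p.get("qop") != "auth" or nonce not in issued_nonces:
        return None
    password = USERS.get(username)  # Digest needs the password (or HA1) in recoverable form
    if password is None:
        return None
    expected = digest_response(username, password, realm, method, uri, nonce, cnonce, nc)
    if not hmac.compare_digest(expected, response):
        return None
    issued_nonces.discard(nonce)
    return username


if __name__ == "__main__":
    print(verify_basic(basic_authorization("alice", "s3cret")))
    challenge, nonce = digest_challenge()          # goes out with the 401
    live = {nonce}
    auth = digest_authorization("alice", "s3cret", REALM, "GET", "/v1/orders",
                                nonce, secrets.token_hex(8))
    print(verify_digest(auth, "GET", live))        # alice
    print(verify_digest(auth, "GET", live))        # None: nonce already consumed
```

The method and URI are bound into HA2, so a captured Digest header cannot be redirected at another resource, and the single-use nonce set stops straight replay; a real deployment would need that set shared across server instances and expired over time. The example also makes the two schemes' trade-off visible: Basic is trivially reversible and is only safe under TLS, while Digest keeps the password off the wire but forces the server to store it (or HA1) in a form an attacker who reads the store can use directly.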



Notes

  1. Hypertext Transfer Protocol—HTTP/1.0, www.rfc-base.org/txt/rfc-1945.txt
  2. Hypertext Transfer Protocol—HTTP/1.1, www.ietf.org/rfc/rfc2616.txt (since obsoleted by RFC 7230 through RFC 7235)
  3. HTTP Authentication: Basic and Digest Access Authentication, www.ietf.org/rfc/rfc2617.txt (since obsoleted by RFC 7617 for Basic and RFC 7616 for Digest)
  4. GitHub REST API, http://developer.github.com/v3/
  5. An Extension to HTTP: Digest Access Authentication, www.ietf.org/rfc/rfc2069.txt
  6. A 401 (Unauthorized) status code is returned when the request carries no credentials, or no acceptable credentials, for the requested resource; the response also carries a WWW-Authenticate header naming the scheme and realm the client should use. All HTTP/1.1 status codes are defined at www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  7. A chosen plaintext attack is an attack model in which the attacker can submit plaintexts of his own choosing and obtain the corresponding encrypted (or signed/hashed) output from the target. By crafting those plaintexts carefully, for example starting with an empty string, then one character, then two, and comparing the outputs, he learns about the algorithm or key in use. This is stronger than a known plaintext attack, where the attacker merely possesses some plaintext/ciphertext pairs he did not choose. Analysis of this kind is called cryptanalysis.
  8. The Apache Directory Studio user guide for setting up and getting started is available at http://directory.apache.org/studio/users-guide/apache_directory_studio/


© 2020 Prabath Siriwardena

About this chapter


Cite this chapter

Siriwardena, P. (2020). Basic/Digest Authentication. In: Advanced API Security. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2050-4_21
