When a server allows access via Basic HTTP Authentication, what is the experience expected to be in a web browser?
Ignoring the web browser for a moment, here's how to create a Basic Auth request with curl
:
curl -u myusername:mypassword http://somesite.com
But what about in a Web Browser? What I've seen on some websites, is I visit the URL, and then the server returns response code 401. The browser then displays a username/password prompt.
However, on somesite.com, I'm not getting an authorization prompt at all, just a page that says I'm not authorized. Did somesite not implement the Basic Auth workflow correctly, or is there something else I need to do?
Best Answer
To help everyone avoid confusion, I will reformulate the question in two parts.
First : "how can make an authenticated HTTP request with a browser, using BASIC auth?".
In the browser you can do a http basic auth first by waiting the prompt to come, or by editing the URL if you follow this format:
http://myusername:mypassword@somesite.com
NB: the curl command mentionned in the question is perfectly fine, if you have a command-line and curl installed. ;)
References:
Also according to the CURL manual page https://curl.haxx.se/docs/manual.html
The second and real question is "However, on somesite.com, I'm not getting an authorization prompt at all, just a page that says I'm not authorized. Did somesite not implement the Basic Auth workflow correctly, or is there something else I need to do?"
The curl documentation says the
-u
option supports many method of authentication, Basic being the default.