User-server interaction: authentication

Authentication goal: control access to server documents

• stateless: client must present authorization in each request

• authorization: typically name, password

  • authorization: header line in request
  • if no authorization presented, server refuses access, sends
    WWW authenticate:
    
    header line in response

client

server

usual http request msg

401: authorization req.

WWW authenticate:

Browser caches name & password so

that user does not have to repeatedly enter it.

Previous slide

Next slide

Back to first slide

View graphic version