basic-authentication

I'm implementing a RESTful web service using ASP.Net Web Api. I have concluded to use Basic authentication + SSL to do the authentication part. What is the best/correct way to implement that? My first attempt was to do it manually, parsing the Authorization header, decoding and verifying the user against my database. It works, but I wonder if I am missing something. I've seen some solutions using user roles and principals. While I'm not sure what these actually do, I'm almost sure I will not be needing these, since in my database I define my own users and their roles. Also what I haven't yet

How can I specify the username and password for making Basic-Auth requests with App Engine's URLFetch service (in Java)? It seems I can set HTTP headers: URL url = new URL("http://www.example.com/comment"); HttpURLConnection connection = (HttpURLConnection) url.openConnection(); connection.setRequestProperty("X-MyApp-Version", "2.7.3"); What are the appropriate headers for Basic-Auth? Zombies This is a basic auth header over http: Authorization: Basic base64 encoded(username:password) eg: GET /private/index.html HTTP/1.0 Host: myhost.com Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== You

I am new to rest api's and calling them via .NET I have an api: https://sub.domain.com/api/operations?param=value&param2=value The notes for the api say that to authorize I need to use the basic access authentication - how do I do that? I currently have this code: WebRequest req = WebRequest.Create(@"https://sub.domain.com/api/operations?param=value&param2=value"); req.Method = "GET"; //req.Credentials = new NetworkCredential("username", "password"); HttpWebResponse resp = req.GetResponse() as HttpWebResponse; However I get a 401 unauthorized error. What am I missing, how do I form api calls

I have a Spring REST application which at first was secured with Basic authentication. Then I added a login controller that creates a JWT JSON Web Token which is used in subsequent requests. Could I move the following code out of the login controller and into the security filter? Then I would not need the login controller any longer. tokenAuthenticationService.addTokenToResponseHeader(responseHeaders, credentialsResource.getEmail()); Or could I remove the Basic authentication? Is it a good design to mix Basic authentication with a JWT? Although it all works fine, I'm a bit in the dark here as

One of our webapplications is using Basic Authentication and build with AngularJS. To test this application, I use Protractor, which uses Selenium to communicate with browsers. In Chrome, everything works fine and doing basic authentication is easy: username:password@host.ext Under Internet Explorer, the URL's with password and username are expected to be a security risk and are therefor not allowed. Until Internet Explorer 9, this setting could be turned off in the registry (FEATURE_HTTP_USERNAME_PASSWORD_DISABLE) . When setting this registry key for Internet Explorer 10, the behaviour

I have to transfer my client from one website to another website. This happens in client side. In this 2nd website, its using windows basic authentication system. So It popups the login window. I need to omit this Popup window and authenticate my client on 2nd website using javascript and then redirect him to 2nd website. There is no security issue even I put credentials in javascript file since this whole system is running in Intranet. So How to authenticate client on 2nd website ? I found this thread How can I pass windows authentication to webservice using jQuery? But it does not work. When