basic-authentication

I need to send authorization request using basic auth. I have successfully implemented this using jquery. However when I get 401 error basic auth browser popup is opened and jquery ajax error callback is not called. nwinkler I was facing this issue recently, too. Since you can't change the browser's default behavior of showing the popup in case of a 401 ( basic or digest authentication), there are two ways to fix this: Change the server response to not return a 401 . Return a 200 code instead and handle this in your jQuery client. Change the method that you're using for authorization to a

I'm setting up basic authentication on a php site and found this page on the php manual showing the set up. What does "realm" mean here in the header? header('WWW-Authenticate: Basic realm="My Realm"'); Is it the page page being requested? Tim Cooper From RFC 1945 (HTTP/1.0) and RFC 2617 (HTTP Authentication referenced by HTTP/1.1) The realm attribute (case-insensitive) is required for all authentication schemes which issue a challenge. The realm value (case-sensitive), in combination with the canonical root URL of the server being accessed, defines the protection space. These realms allow the

I'm working on a site that uses basic authentication. Using Chrome I've logged in using the basic auth. I now want to remove the basic authentication details from the browser and try a different login. How do you clear the current basic authentication details when using Chrome? opsb It seems chrome will always show you the login prompt if you include a username in the url e.g. http://me@example.com This is not a real full solution, see Mike's comment below. You can open an incognito window Ctrl + Shift + n each time you are doing a test. The incognito window will not remember the username and

I have a question about HTTPS and HTTP Authentication credentials. Suppose I secure a URL with HTTP Authentication: <Directory /var/www/webcallback> AuthType Basic AuthName "Restricted Area" AuthUserFile /var/www/passwd/passwords Require user gooduser </Directory> I then access that URL from a remote system via HTTPS, passing the credentials in the URL: https://gooduser:secretpassword@www.example.com/webcallback?foo=bar Will the username and password be automatically SSL encrypted? Is the same true for GETs and POSTs? I'm having a hard time locating a credible source with this information.