Quick view on Basic vs Digest Authentications

Nairuz Abulhul
R3d Buck3T
May 10, 2020

Basic authentication is an HTTP-supported authentication scheme. It relies on the User-Agent (the browser) to present the username and password fields for the user to fill out. It is called basic authentication because it sends the credentials essentially in plain text: they are only base64-encoded, which anyone who can read the request can reverse.

Digest authentication is another HTTP-supported authentication scheme. It is considered somewhat more secure than Basic because it sends a hash derived from the password to the server, together with other values, instead of the plain-text password.

Steps for Authentication

1- The client sends a request to access a resource on the server, e.g. /assets.

2- The server responds with a 401 Unauthorized status along with random values for the nonce and opaque fields, and the user is prompted to enter the required credentials through the browser's pop-up box.

Figure: browser pop-up box

3- The credentials are sent in a new request to the server for the requested resource. The request contains the client's username, the realm (the domain in which the server hosts the resource; in this case "example@host.com"), the requested resource, i.e. /assets, and the response value.

The response value is a hash computed from the password together with the nonce and opaque values, which are the same values the server sent in its first response.

GET /assets HTTP/1.0
Host: localhost
Authorization: Digest username="newUser",
realm="example@host.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="/assets",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"

4- If the credentials are correct, the client receives a 200 OK response and can access the resource.
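The four-step exchange above, worked through in code as an added example that is not part of the original post. It builds a Basic header and shows how trivially it decodes, then computes a Digest response the way RFC 2617 specifies for the request shown above (no qop, MD5 algorithm): HA1 = MD5(username:realm:password), HA2 = MD5(method:uri), response = MD5(HA1:nonce:HA2). The opaque value is echoed back unchanged. The server side stores only HA1 rather than the password and accepts each nonce once, so a captured Authorization header cannot simply be replayed. The password, the DigestServer class and the helper names are assumptions for this example; the username, realm and URI come from the request on the page.

```python
import base64
import hashlib
import hmac
import secrets

# Values from the request shown on the page; the password is constructed
# for this example because the page never reveals it.
USERNAME = "newUser"
REALM = "example@host.com"
PASSWORD = "correct-horse-battery"  # constructed
METHOD = "GET"
URI = "/assets"


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Build the Authorization value Basic auth sends: base64("user:pass")."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header: str) -> tuple[str, str]:
    """Anyone who sees the header recovers the credentials: base64 is encoding, not encryption."""
    assert header.startswith("Basic ")
    user, _, pwd = base64.b64decode(header[len("Basic "):]).decode().partition(":")
    return user, pwd


def digest_ha1(username: str, realm: str, password: str) -> str:
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2), HA2 = MD5(method:uri)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def digest_header(username, realm, password, method, uri, nonce, opaque) -> str:
    """Build the Authorization value the client sends in step 3."""
    resp = digest_response(digest_ha1(username, realm, password), method, uri, nonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}", opaque="{opaque}"')


def parse_digest(header: str) -> dict:
    """Minimal parser for the comma-separated key="value" list after 'Digest '."""
    assert header.startswith("Digest ")
    fields = {}
    for part in header[len("Digest "):].split(","):
        key, _, value = part.strip().partition("=")
        fields[key] = value.strip('"')
    return fields


class DigestServer:
    """Hypothetical server side of the exchange: issues challenges, verifies responses."""

    def __init__(self, realm: str):
        self.realm = realm
        self.users = {}        # username -> HA1; the plain-text password is never stored
        self.live_nonces = set()  # nonces issued in step 2 and not yet consumed

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = digest_ha1(username, self.realm, password)

    def challenge(self) -> str:
        """Step 2: the WWW-Authenticate value sent with the 401 Unauthorized."""
        nonce = secrets.token_hex(16)
        self.live_nonces.add(nonce)
        return f'Digest realm="{self.realm}", nonce="{nonce}", opaque="{secrets.token_hex(16)}"'

    def verify(self, method: str, authorization: str) -> bool:
        """Step 4: recompute the response from the stored HA1 and compare."""
        f = parse_digest(authorization)
        nonce = f.get("nonce", "")
        if nonce not in self.live_nonces:       # unknown or already-used nonce: reject (replay defence)
            return False
        ha1 = self.users.get(f.get("username", ""))
        if ha1 is None:
            return False
        expected = digest_response(ha1, method, f.get("uri", ""), nonce)
        ok = hmac.compare_digest(expected, f.get("response", ""))
        if ok:
            self.live_nonces.discard(nonce)     # each nonce is good for exactly one request
        return ok


if __name__ == "__main__":
    server = DigestServer(REALM)
    server.add_user(USERNAME, PASSWORD)
    www_auth = server.challenge()
    fields = parse_digest(www_auth)
    auth = digest_header(USERNAME, REALM, PASSWORD, METHOD, URI, fields["nonce"], fields["opaque"])
    print("Basic header decodes to:", decode_basic(basic_header(USERNAME, PASSWORD)))
    print("Digest header contains password:", PASSWORD in auth)
    print("Server accepts:", server.verify(METHOD, auth))
    print("Replay accepted:", server.verify(METHOD, auth))
```

Note that the response is still only MD5 over values an eavesdropper can also see, so Digest protects the password from being read off the wire but not from offline guessing against a captured header; TLS remains the actual transport protection for either scheme.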
