没有用户名的HTTP身份验证 [英] HTTP authentication without username

问题描述

我正在节点js中创建一个HTTP Server，我想向只有我将要使用的页面添加密码. 基本身份验证方案需要用户名和密码(在浏览器弹出窗口).用户名对我来说毫无用处，我想知道是否甚至可以只显示一个密码对话框.

I am creating a HTTP Server in node js, and I want to add a password to a page that only I will use. The Basic authentication scheme requires username and password (In the browser popup). Having a username is useless for me and I want to know if its even possible to just show a password dialog.

当前代码是这样，发送状态代码401 和 WWW认证标头.

The current code is this, sending a Status Code 401 and the WWW-Authenticate header.

response.statusCode = 401;
response.setHeader('WWW-Authenticate', 'Basic realm="Requires Password"');
response.end();

哪个是在Firefox中创建的窗口

Which creates this window in Firefox

那我需要在响应头中更改什么以仅具有一个密码字段?

So what do I need to change in the response headers to only have a password field?

推荐答案

我想知道是否甚至可以显示一个密码对话框.

I want to know if its even possible to just show a password dialog.

不. 基本身份验证方案基于客户端需要使用用户名和每个保护空间的密码，通常称为 领域 .

No. The Basic authentication scheme is based on the model that the client needs to authenticate itself with a username and a password for each protection space, frequently referred as realm.

对于具有401和WWW-Authenticate且值为Basic的响应，浏览器将提示输入用户名和密码.

For a response with 401 and WWW-Authenticate with the value Basic, the browser will prompt for both username and password.

那我需要在响应头中更改什么以仅具有一个密码字段?

So what do I need to change in the response headers to only have a password field?

如果由于某种原因您不想使用该用户名，则可以将其保留为空，选择一个默认的用户名或选择另一个适合您需要的身份验证方案.

If, for some reason, you don't want the username, you can leave it empty, pick a default one or choose another authentication scheme that suit your needs.

这篇关于没有用户名的HTTP身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！