HTTP基本身份验证 - 预期的浏览器体验是什么? [英] HTTP Basic Authentication - what's the expected browser experience?

查看:126
本文介绍了HTTP基本身份验证 - 预期的浏览器体验是什么?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

当服务器允许通过基本HTTP身份验证访问时,浏览器的预期体验是什么?



我通常只使用curl:

  curl -u myusername:mypassword http://somesite.com

它工作正常。然而,现在我没有访问curl(长故事),我想只是从网络浏览器,如果可能的话。



我认为Basic Auth应该工作的方式是 - 我输入url我想要的服务器然后决定我没有授权,返回响应代码401,并在提示符中键入我的用户名和密码。如果正确,页面加载!



但是,在somesite.com上,我没有得到授权提示,只是一个页面,说我不授权。有没有一个没有正确实现基本的Auth工作流程,还是有其他需要做的事?

解决方案



首先:如何使用curl命令的浏览器。 p>

在浏览器中,您可以先等待提示符来执行http基本验证,或者如果您遵循以下格式编辑URL: http: //myusername:mypassword@somesite.com



注意:问题中提到的curl命令完全正常,线和卷曲安装。 ;)



参考文献:





也根据CURL手册页 https://curl.haxx.se/docs/manual.html 

  HTTP 
 
 Curl还支持HTTP URL中的用户和密码,因此您可以选择一个文件
 like:
 
 curl http :// name:passwd@machine.domain/full/path/to/file 
 
或单独指定用户和密码,如
 
 curl -u name:passwd http: //machine.domain/full/path/to/file 
 
 HTTP提供许多不同的身份验证方法,curl支持
几个:Basic,Digest,NTLM和Negotiate(SPNEGO)。没有告诉哪个
方法要使用,curl默认为Basic。您还可以要求curl从服务器为给定URL接受的
中选择最安全的一个,使用--anyauth选择

 
注意!根据URL规范,HTTP URL不能包含用户
和密码,所以当通过代理使用curl时,样式将不起作用,即使
通过curl允许在其他时间。当使用代理时,您_must_使用
用户和密码的-u样式。

第二个真正的问题是但是,在somesite.com上,获取授权提示,只是一个页面,说我未授权。有没有一个没有正确实现基本验证工作流程,还是有其他我需要做的?



curl文档说, -u 选项支持许多认证方法,Basic是默认值。


When a server allows access via Basic HTTP Authentication, what is the experience expected to be on the browser?

I typically just do this with curl:

curl -u myusername:mypassword http://somesite.com

And it works just fine. However, right now I don't have access to curl (long story), and I want to just do it from the web browser, if possible.

I thought the way Basic Auth was supposed to work was - I type in the url I want, the server then decides I'm not authorized, returns response code 401, and I type my username and password into a prompt. If it's correct, the page loads!

However, on somesite.com, I'm not getting an authorization prompt at all, just a page that says I'm not authorized. Did somesite not implement the Basic Auth workflow correctly, or is there something else I need to do?

解决方案

To help everyone avoid confusion, I will reformulate the question in two parts.

First : "how can I do with a browser that curl command ?".

In the browser you can do a http basic auth first by waiting the prompt to come, or by editing the URL if you follow this format: http://myusername:mypassword@somesite.com

NB: the curl command mentionned in the question is perfectly fine, if you have a command-line and curl installed. ;)

References:

Also according to the CURL manual page https://curl.haxx.se/docs/manual.html

HTTP

  Curl also supports user and password in HTTP URLs, thus you can pick a file
  like:

      curl http://name:passwd@machine.domain/full/path/to/file

  or specify user and password separately like in

      curl -u name:passwd http://machine.domain/full/path/to/file

  HTTP offers many different methods of authentication and curl supports
  several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which
  method to use, curl defaults to Basic. You can also ask curl to pick the
  most secure ones out of the ones that the server accepts for the given URL,
  by using --anyauth.

  NOTE! According to the URL specification, HTTP URLs can not contain a user
  and password, so that style will not work when using curl via a proxy, even
  though curl allows it at other times. When using a proxy, you _must_ use
  the -u style for user and password.

The second and real question is "However, on somesite.com, I'm not getting an authorization prompt at all, just a page that says I'm not authorized. Did somesite not implement the Basic Auth workflow correctly, or is there something else I need to do?"

The curl documentation says the -u option supports many method of authentication, Basic being the default.

这篇关于HTTP基本身份验证 - 预期的浏览器体验是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Linux/Unix最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆