11.1 Basic Authentication Scheme
Connected: An Internet Encyclopedia
RFC 2068
The "basic" authentication scheme is based on the model that the user
agent must authenticate itself with a user-ID and a password for each
realm. The realm value should be considered an opaque string which
can only be compared for equality with other realms on that server.
The server will service the request only if it can validate the
user-ID and password for the protection space of the Request-URI.
There are no optional authentication parameters.

Upon receipt of an unauthorized request for a URI within the
protection space, the server MAY respond with a challenge like the
following:

       WWW-Authenticate: Basic realm="WallyWorld"

where "WallyWorld" is the string assigned by the server to identify
the protection space of the Request-URI.

To receive authorization, the client sends the userid and password,
separated by a single colon (":") character, within a base64 encoded
string in the credentials.

       basic-credentials = "Basic" SP basic-cookie

       basic-cookie      = <base64 [7] encoding of user-pass,
                           except not limited to 76 char/line>

       user-pass         = userid ":" password

       userid            = *<TEXT excluding ":">

       password          = *TEXT

Userids might be case sensitive.

If the user agent wishes to send the userid "Aladdin" and password
"open sesame", it would use the following header field:

       Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

See section 15 for security considerations associated with Basic
authentication.
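
The grammar above, worked through in Python as an added example (it is not part of RFC 2068 or of this page's original text). It builds and parses the credentials, and shows that the basic-cookie decodes straight back to the userid and password. The function names, the ISO-8859-1 charset choice and the in-memory accounts table are assumptions made for the illustration.

```python
import base64
import binascii
import hmac

CHARSET = "latin-1"  # assumption: TEXT octets are treated as ISO-8859-1


def encode_basic(userid: str, password: str) -> str:
    """Build the Authorization field value: "Basic" SP base64(userid ":" password)."""
    if ":" in userid:
        raise ValueError('userid must not contain ":"')
    user_pass = f"{userid}:{password}".encode(CHARSET)
    return "Basic " + base64.b64encode(user_pass).decode("ascii")


def parse_basic(header_value: str):
    """Return (userid, password), or None when the value is not well-formed."""
    scheme, _, cookie = header_value.partition(" ")
    if scheme.lower() != "basic" or not cookie:
        return None
    try:
        user_pass = base64.b64decode(cookie.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid base64
    # Split on the first colon only: userid excludes ":", password may contain it.
    userid, sep, password = user_pass.decode(CHARSET).partition(":")
    if not sep:
        return None
    return userid, password


def check_credentials(header_value: str, accounts: dict) -> bool:
    """Validate against a constructed demo table of userid -> password."""
    parsed = parse_basic(header_value)
    if parsed is None:
        return False
    userid, password = parsed
    expected = accounts.get(userid)  # exact match: userids may be case sensitive
    # Always run the comparison so unknown userids take the same code path.
    reference = (expected if expected is not None else "").encode(CHARSET)
    matches = hmac.compare_digest(password.encode(CHARSET), reference)
    return matches and expected is not None
```

Because the cookie is only an encoding, anyone who can read the header recovers the password, which is the concern section 15 addresses.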