Basic Authentication, by Herng-Yow Chen. Outline: explains HTTP authentication and delves into the most common form of HTTP authentication, basic authentication.

Presentation transcript:

1 Basic Authentication Herng-Yow Chen

2 Outline Explains HTTP authentication. Delves into the most common form of HTTP authentication, basic authentication. The next lecture explains a more powerful technique called digest authentication.

3 Authentication Authentication means showing some proof of your identity, that is, some proof that you are who you claim to be. HTTP provides a native challenge/response framework to make it easy to authenticate users.

4 Simplified challenge/response authentication (client and server talking across the Internet)
  Request (client to server): "Please give me the internal sales forecast."
  Challenge (server to client): "You requested a secret financial document. Please tell me your username and password." (The client asks the user for a password.)
  Authorization (client to server): "Please give me the internal sales forecast. Here is my username and password: ******"
  Success (server to client): "OK. You have access right. Here is the document."

5 Authentication Protocols and Headers. Four phases of authentication:
  Phase          Header                 Method/Status
  Request        (none)                 GET
  Challenge      WWW-Authenticate       401 Unauthorized
  Authorization  Authorization          GET
  Success        Authentication-Info *  200 OK
If the secret credentials don't match, the server can challenge the client again or generate an error.

6 Basic authentication example (the exchange between client and server)
  (a) Client request:
      GET /family/jeff.jpg HTTP/1.0
  (b) Server challenge:
      HTTP/1.0 401 Authorization required
      WWW-Authenticate: Basic realm="Family"
  (c) Client request with credentials:
      GET /family/jeff.jpg HTTP/1.0
      Authorization: Basic Ydre3lkL56H7gdffvh
  (d) Server success:
      HTTP/1.0 200 OK
      Content-type: image/jpeg
      ...

7 Security realms in a web server (document tree on the server)
  /
    family/              <- Family realm
      Jeff.jpg
      brian.jpg
    corporate/
      Index.html
      financials/        <- Corporate financials realm
        Sales-forecast.xls
      press/
        pr1.html
        pr2.html

8 Basic authentication headers
  Challenge (server to client):  WWW-Authenticate: Basic realm=quoted-realm
  Response (client to server):   Authorization: Basic base64-username-and-password

9 Base-64 Username/Password Encoding
  (a) Prompt for username and password: brian-totty / Ow!
  (b) Pack username and password with a colon: brian-totty:Ow!
  (c) Base-64 encode: BASE64ENC(brian-totty:Ow!) = YnJpYW4tdG90dHk6T3ch
  (d) Send the authorization (client to server):
      GET /family/jeff.jpg HTTP/1.0
      Authorization: Basic YnJpYW4tdG90dHk6T3ch

10 Base-64 Encoding Takes a sequence of 8-bit bytes and regroups the bit stream into 6-bit chunks; each 6-bit value selects one symbol of the base-64 alphabet. The alphabet has 64 symbols: A-Z, a-z, 0-9, +, /. A 65th symbol, =, is used for padding when the input length is not a multiple of 3 bytes.

11 Proxy authentication Authentication can also be done by intermediary proxy servers. Some organizations use proxy servers to authenticate users before letting them access servers, LANs, and wireless networks. Proxy servers can be a convenient way to provide unified access control across an organization's resources, because access policies can be centrally administered on the proxy server. The first step in this process is to establish the user's identity via proxy authentication.

12 Web server versus proxy authentication
  Web server                       Proxy server
  Unauthorized status code: 401    Unauthorized status code: 407
  WWW-Authenticate                 Proxy-Authenticate
  Authorization                    Proxy-Authorization
  Authentication-Info              Proxy-Authentication-Info

13 The security flaws of basic authentication Base-64 encoding only obscures the username and password; it does not encrypt them. Anyone who can read the Authorization header can decode the credentials back to plain text.
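The following is an added example, not code from the lecture: it implements the base-64 regrouping of slide 10 by hand, builds the Authorization header of slide 9 from the slide's own credentials, and shows the server side of the challenge/response exchange of slides 4-6, where the credentials are decoded straight back to plain text (the flaw named on slide 13). The credential store, the function names and the 200/401 result tuples are assumptions for this illustration.

```python
import base64
import hmac
from typing import Optional

B64_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz0123456789+/")


def base64_encode(data: bytes) -> str:
    """Slide 10: regroup 8-bit bytes into 6-bit chunks, pad with '='."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # zero-fill the group to 24 bits so every group yields 4 symbols
        bits = int.from_bytes(chunk, "big") << (8 * (3 - len(chunk)))
        for j in range(4):
            out.append(B64_ALPHABET[(bits >> (18 - 6 * j)) & 0x3F])
        pad = 3 - len(chunk)
        if pad:  # the 65th symbol replaces symbols that carry no input bits
            out[-pad:] = list("=" * pad)
    return "".join(out)


def basic_authorization_header(username: str, password: str) -> str:
    """Slide 9: pack 'username:password', base-64 encode, send as Authorization."""
    return "Basic " + base64_encode(f"{username}:{password}".encode())


# Constructed credential store for the "Family" realm (assumption, not from the slides).
FAMILY_REALM = {"brian-totty": "Ow!"}


def check_request(authorization: Optional[str], realm: str = "Family"):
    """Server side of slides 4-6: return (status, headers), challenging with 401."""
    challenge = (401, {"WWW-Authenticate": f'Basic realm="{realm}"'})
    if not authorization or not authorization.startswith("Basic "):
        return challenge
    try:
        decoded = base64.b64decode(authorization[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return challenge
    # Slide 13: decoding recovers the plain-text username and password.
    username, sep, password = decoded.partition(":")
    expected = FAMILY_REALM.get(username)
    if not sep or expected is None or not hmac.compare_digest(
            expected.encode(), password.encode()):
        return challenge
    return (200, {})
```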

14 For More Information
  "HTTP Authentication: Basic and Digest Access Authentication" (RFC 2617)
  "Hypertext Transfer Protocol -- HTTP/1.1" (RFC 2616)