Open In App

HTTP headers | WWW-Authenticate

Last Updated : 05 Jan, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

HTTP WWW-Authenticate header is a response-type header. It serves as a support for various authentication mechanisms which are important to control access to pages and other resources as well. All of these mechanisms are based on the use of the 401 status code. The HTTP WWW-Authenticate response header defines the authentication method that ought to be wont to gain access to a resource. As discussed earlier, the WWW-Authenticate header is sent along with a 401 Unauthorized response. 

The working includes a client being responded by a server with a 401 Unauthorized response status which provides information on authorizing with a WWW-Authenticate response header containing a minimum of one challenge. A client that wants to authenticate itself with a server can do so by including an Authorization request-header field with the credentials. Usually, it is done by presenting a password prompt to the user and then issuing the request including the correct Authorization header. 

Diagrammatic representation of basic authentication is as follows: 

Here, is the authentication scheme (“Basic” is the most common scheme and introduced below). The realm is employed to explain the protected area or to point the scope of protection. This could be a message like “Access to the staging site” or similar in order that the user knows to which space they’re trying to urge access to. 

Note: Note: In the case of a “Basic” authentication like shown in the figure, the exchange must happen over an HTTPS (TLS) connection to be secure. 

It is needed to be specified which authentication scheme is used so that the client that wishes to authorize knows how to provide the credentials. 

Syntax: 

WWW-Authenticate: <type> realm=<realm> realm=<realm>

Directives: This header accepts three directives as mentioned above and described below:  

  • <type>: This directive holds the authentication type. A common type is “Basic”. IANA maintains a list of authentication schemes.
  • realm=<realm>: This directive describe of the protected area. By default, the formatted hostname is used.
  • charset=<charset>: Tells the client the server’s preferred encoding scheme when submitting a username and password. The only allowed value is the case the insensitive string “UTF-8”. This doesn’t relate to the encoding of the realm string.

Example:  

WWW-Authenticate: Basic
WWW-Authenticate: Basic realm="Access to the staging site", 
charset="UTF-8"

Supported Browsers: The browsers supported by HTTP headers WWW-Authenticate are listed below:  

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Internet Explorer
  • Opera
  • Safari

 


Like Article
Suggest improvement
Previous
HTTP headers | Content-Security-Policy-Report-Only
Next
Fabric.js | Ellipse lockUniScaling Property
Share your thoughts in the comments

Similar Reads

HTTP headers | Proxy-Authenticate
HTTP headers | Access-Control-Expose-Headers
HTTP headers | Access-Control-Allow-Headers.
HTTP headers | Access-Control-Request-Headers
How to authenticate with google using firebase in React ?
How to authenticate firebase with GitHub in ReactJS ?
How to Authenticate with Google using Firebase in React Native Application ?
How to authenticate phone number using firebase in ReactJS ?
HTTP headers | Location
HTTP headers | User-Agent

G
gulati_rohit
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox