What is the “realm” in basic authentication

by

From RFC 1945 (HTTP/1.0) and RFC 2617 (HTTP Authentication referenced by HTTP/1.1)

The realm attribute (case-insensitive) is required for all
authentication schemes which issue a challenge. The realm value
(case-sensitive), in combination with the canonical root URL of the
server being accessed, defines the protection space. These realms
allow the protected resources on a server to be partitioned into a set
of protection spaces, each with its own authentication scheme and/or
authorization database. The realm value is a string, generally
assigned by the origin server, which may have additional semantics
specific to the authentication scheme.

In short, pages in the same realm should share credentials. If your credentials work for a page with the realm “My Realm”, it should be assumed that the same username and password combination should work for another page with the same realm.

More Related Contents:

  1. How to log out user from web site using BASIC authentication?
  2. How to display the Authentication Challenge in UIWebView?
  3. What encoding should I use for HTTP Basic Authentication?
  4. Escaping username characters in basic auth URLs
  5. Basic HTTP authentication in Node.JS?
  6. How to define the basic HTTP authentication using cURL correctly?
  7. Getting Basic Authentication to work with ColdFusion
  8. Do I need Content-Type: application/octet-stream for file download?
  9. What requests do browsers’ “F5” and “Ctrl + F5” refreshes generate?
  10. CORS with POSTMAN
  11. URL matrix parameters vs. query parameters
  12. Detecting the character encoding of an HTTP POST request
  13. ETag vs Header Expires
  14. Do I need a content-type header for HTTP GET requests?
  15. How can I get the clients IP address from HTTP headers?
  16. What is the limit on QueryString / GET / URL parameters
  17. Is the URL fragment identifier sent to the server? [duplicate]
  18. Why am I getting “(304) Not Modified” error on some links when using HttpWebRequest?
  19. Difference between Content-Range and Range headers?
  20. HTTP POST request in Inno Setup Script
  21. URL hash is persisting between redirects
  22. How WebSocket server handles multiple incoming connection requests?
  23. nginx close upstream connection after request
  24. Official references for default values of concurrent HTTP/1.1 connections per server? [closed]
  25. Does the HTTP Protocol support multiple content types in response headers?
  26. Sending browser cookies during a 302 redirect
  27. Is the Content-Length header required for a HTTP/1.0 response?
  28. What is the difference between server side cookie and client side cookie?
  29. What is a connection timeout during a http request
  30. How to set up CORS or OPTIONS for Rocket.rs

Leave a Comment