Name

WWW-Authenticate: scheme realm

Synopsis

A request for authentication, used with the 401 (Unauthorized) response code. It specifies the authorization scheme and realm of authorization required from a client at the requested URL. Many different authorization realms can exist on a server. A common authorization scheme is BASIC, which requires a username and password. For example:

WWW-Authenticate: BASIC realm="Admin" 

When returned to the client, this header indicates that the client should send BASIC authorization data for the appropriate realm in its Authorization header.

Another scheme is Digest, which improves security by not transmitting the password as cleartext. The BASIC and Digest schemes are described in RFC 2617. Unfortunately, Digest is not widely used, given that not all browsers support it.
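The difference between the two schemes, as an added example that is not from the original reference: it parses a challenge, builds the BASIC reply and shows that it decodes straight back to the password, then computes the RFC 2617 Digest response (qop=auth, MD5), where only a nonce-bound hash is sent. The function names are hypothetical, and the sample credentials and nonce are the worked examples from RFC 2617.

```python
import base64
import hashlib
import re

def parse_challenge(value):
    """Split a WWW-Authenticate value into (scheme, params). Scheme names are case-insensitive."""
    scheme, _, rest = value.strip().partition(" ")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', rest)
    return scheme.lower(), {k.lower(): quoted or token for k, quoted, token in pairs}

def basic_authorization(user, password):
    """BASIC: base64 of 'user:password'. This is an encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def decode_basic(authorization):
    """Recover (user, password) from a BASIC Authorization value, as any observer can."""
    token = authorization.split(" ", 1)[1]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, password, method, uri, params, nc, cnonce):
    """RFC 2617 Digest response for qop=auth: only a hash bound to the nonce is sent."""
    ha1 = _md5(f"{user}:{params['realm']}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{params['nonce']}:{nc}:{cnonce}:auth:{ha2}")

# Constructed sample challenges; the Digest values are the worked example in RFC 2617.
BASIC_CHALLENGE = 'BASIC realm="Admin"'
DIGEST_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth", '
                    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                    'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    print(parse_challenge(BASIC_CHALLENGE))
    header = basic_authorization("Aladdin", "open sesame")
    print(header, "->", decode_basic(header))
    scheme, params = parse_challenge(DIGEST_CHALLENGE)
    print(scheme, digest_response("Mufasa", "Circle Of Life", "GET",
                                  "/dir/index.html", params, "00000001", "0a4f113b"))
```

Because the BASIC value is reversible by anyone who sees it, BASIC should only be offered over TLS.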

Windows-based HTTP servers sometimes use a scheme called NTLM. It also isn't as widely used as BASIC, given that not all browsers implement the NTLM scheme.
