
17.2 Basic Authentication

HTTP Basic authentication (BA) is the simplest technique for enforcing access control on web resources because it doesn’t require cookies, session identifiers or login pages. Instead, it uses static, standard HTTP headers, which means that no handshake has to be done in advance.

The BA mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. Basic Authentication is, therefore, typically used over HTTPS.

GNU Artanis doesn’t support HTTPS at present; support is planned for the future.

Let’s see a simple example:

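;; The checker receives the route context rc, the username u and the password p.
(get "/bauth" #:auth `(basic ,(lambda (rc u p)
                               (and (string=? u "mmr")
                                    (string=? p "123"))))
  (lambda (rc)
    (if (:auth rc)
        "auth ok"               ; the checker returned #t
        (throw-auth-needed))))  ; otherwise ask the client for credentials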

You have to define your own checker as an anonymous function (lambda (rc u p) ...). It returns #t on success and #f on failure.
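The header behind this example, as an added Python illustration (not part of the Artanis manual or code base): it shows that the credentials are recoverable from the Authorization header by Base64 decoding alone, and how a server-side parser should reject malformed input. The function names are hypothetical; the user "mmr" and password "123" are the values from the example above.

```python
import base64
import binascii
import hmac


def parse_basic_header(value):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None  # missing or different auth scheme
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid Base64 or not valid UTF-8
    # Split on the first ':' only, so the password itself may contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None  # no separator, so no password field
    return user, password


def check(user, password, expected_user="mmr", expected_password="123"):
    """Same decision as the checker above, using constant-time comparisons."""
    user_ok = hmac.compare_digest(user.encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), expected_password.encode())
    return user_ok and pass_ok


def authenticate(header_value):
    """True only for a well-formed header carrying the expected credentials."""
    creds = parse_basic_header(header_value) if header_value else None
    return creds is not None and check(*creds)


# Constructed sample: the header a client sends for user "mmr", password "123".
SAMPLE_HEADER = "Basic " + base64.b64encode(b"mmr:123").decode("ascii")

if __name__ == "__main__":
    print(SAMPLE_HEADER)                      # what travels on the wire
    print(parse_basic_header(SAMPLE_HEADER))  # recovered without any key
    print(authenticate(SAMPLE_HEADER))
```

Anyone who can read the request sees the same header value and can decode it the same way, which is why the mechanism depends on HTTPS for confidentiality.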

APIs: