19.2 Basic Authentication

HTTP Basic authentication (BA) is the simplest technique for enforcing access control on web resources, because it needs no cookies, session identifiers or login pages. Instead, the client sends the credentials in a static, standard HTTP header (Authorization) on every request, so no handshake has to take place beforehand.

The BA mechanism provides no confidentiality protection for the transmitted credentials: they are merely Base64-encoded in transit, neither encrypted nor hashed, so anyone who can observe the connection can recover the username and password verbatim. Basic authentication is therefore normally used only over HTTPS.

GNU Artanis doesn't support HTTPS at present; support is planned for a future release. Until then, if you rely on Basic authentication, terminate TLS in a reverse proxy in front of Artanis so that credentials never cross the network in the clear.

Let’s see a simple example:

;; Checker called by Artanis with the request context and the decoded
;; credentials; return #t to accept the request, #f to reject it.
(define (my-checker rc user passwd)
  (and (string=? user "jack") (string=? passwd "123")))

;; The checker is passed as the second element of the #:auth list.
(post "/bauth" #:auth `(basic ,my-checker)
  (lambda (rc)
    (if (:auth rc)
        "auth ok"
        (throw-auth-needed))))

Another simple way is to compare the password against a column of a database table:

(post "/bauth" #:auth `(basic Person username passwd)
  (lambda (rc) ... ))

NOTE: This assumes that username and passwd are fields of the Person table.

With the first form you have to define your own checker, either a named function as above or an anonymous one, (lambda (rc u p) ...). It must return #t when the credentials are accepted and #f when they are rejected.
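The following program is an added example, not code from the Artanis manual or from the Artanis code base. It is plain Guile and runs without Artanis installed. It shows what the "merely Base64-encoded" header above carries on the wire and what a more careful checker in the (rc user passwd) shape looks like: it decodes a constructed Authorization value, splits user from password on the first colon only (a password may itself contain colons), and compares the password in constant time, doing the same work whether or not the user exists. The names base64-decode, parse-basic-authorization, constant-time-string=?, demo-users, dummy-secret, demo-checker and authenticate, and the header values at the end, are all constructed for this demo; only the checker calling convention comes from the manual.

```scheme
;; Added example for the Basic-auth section of the GNU Artanis manual.  It is
;; not Artanis code: everything below is plain Guile, and the Artanis route at
;; the end is a comment because it needs a running application.

;; --- Base64 decoding: what "merely encoded" means on the wire -------------
(define b64-alphabet
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/")

;; Decode S to a string (the demo assumes an ASCII payload), or return #f if
;; S contains a character outside the Base64 alphabet.  Padding "=" is
;; stripped first; leftover bits of a truncated final group are dropped.
(define (base64-decode s)
  (let loop ((chars (string->list (string-trim-right s #\=)))
             (acc 0) (bits 0) (out '()))
    (if (null? chars)
        (list->string (reverse out))
        (let ((v (string-index b64-alphabet (car chars))))
          (and v
               (let ((acc (logior (ash acc 6) v))
                     (bits (+ bits 6)))
                 (if (>= bits 8)
                     (loop (cdr chars)
                           (logand acc (- (ash 1 (- bits 8)) 1))
                           (- bits 8)
                           (cons (integer->char (logand (ash acc (- 8 bits)) #xff))
                                 out))
                     (loop (cdr chars) acc bits out))))))))

;; Split an Authorization header value into (user . password), or return #f
;; for anything that is not well-formed Basic auth.  Per RFC 7617 the user-id
;; cannot contain ":", so split on the FIRST colon only; the password keeps
;; any colons of its own.
(define (parse-basic-authorization header)
  (and (string-prefix-ci? "basic " header)
       (let* ((token   (string-trim-both (substring header 6)))
              (decoded (base64-decode token))
              (colon   (and decoded (string-index decoded #\:))))
         (and colon
              (cons (substring decoded 0 colon)
                    (substring decoded (+ colon 1)))))))

;; --- Timing-safe comparison -----------------------------------------------
;; string=? stops at the first differing character, so its running time leaks
;; how long a correct prefix the client supplied.  This version always walks
;; the whole EXPECTED string and folds every difference into DIFF.
(define (char-code-at s i)
  (if (< i (string-length s)) (char->integer (string-ref s i)) 0))

(define (constant-time-string=? expected actual)
  (let ((len (string-length expected)))
    (let loop ((i 0)
               (diff (logxor len (string-length actual)))) ; only length leaks
      (if (< i len)
          (loop (+ i 1)
                (logior diff (logxor (char-code-at expected i)
                                     (char-code-at actual i))))
          (zero? diff)))))

;; --- The checker, in the (rc user passwd) shape Artanis calls -------------
;; Constructed user table.  A real deployment stores a salted password hash
;; and verifies it here; plain strings keep this demo dependency-free.
(define demo-users
  '(("jack"  . "123")
    ("alice" . "correct horse battery staple")))

;; Compared against when the user is unknown, so rejecting a bogus user
;; costs the same as rejecting a bad password (no account enumeration by
;; timing).
(define dummy-secret "no-such-user-placeholder-secret")

(define (demo-checker rc user passwd)
  (let ((entry (assoc user demo-users)))
    (if entry
        (constant-time-string=? (cdr entry) passwd)
        (begin (constant-time-string=? dummy-secret passwd) #f))))

;; Whole flow for one request: header -> credentials -> checker verdict.
;; RC is #f because this checker ignores the request context.
(define (authenticate header)
  (let ((cred (parse-basic-authorization header)))
    (and cred (demo-checker #f (car cred) (cdr cred)))))

;; Constructed header values, as a client sends them after a 401 challenge.
(for-each
 (lambda (h)
   (format #t "~s~%  parsed: ~s~%  accepted: ~s~%"
           h (parse-basic-authorization h) (authenticate h)))
 '("Basic amFjazoxMjM="        ; jack:123      -> accepted
   "Basic YWxpY2U6YTpiOmM="    ; alice:a:b:c   -> password "a:b:c", rejected
   "Basic bm9jb2xvbg=="        ; nocolon       -> not Basic credentials, #f
   "Basic !!!not-base64!!!"    ; garbage       -> #f
   "Bearer amFjazoxMjM="))     ; wrong scheme  -> #f

;; Wiring into Artanis (not run here; needs (use-modules (artanis artanis))):
;; (post "/bauth" #:auth `(basic ,demo-checker)
;;   (lambda (rc)
;;     (if (:auth rc) "auth ok" (throw-auth-needed))))
```

Run it with guile on the file. The interesting lines are the second and third: "alice:a:b:c" parses to user "alice" with password "a:b:c" and is then rejected only because the password is wrong, while "nocolon" is rejected before the checker is ever reached. Whatever Artanis does with the header itself, the checker you hand to #:auth is still the place to avoid string=? on secrets and to keep the unknown-user path as slow as the known-user path.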

APIs: