Basic Authentication

Basic Authentication is an authentication method that passes a user's credentials over a network of computers in an unencrypted form.

What is Basic Authentication?

Also called Clear-Text Authentication, an authentication method that passes a user's credentials over a network of computers in an unencrypted form. Basic Authentication is not a secure authentication scheme, since anyone who can intercept network traffic and read it using a protocol analyzer can obtain the user’s credentials.

Basic Authentication is one of three authentication schemes available on Microsoft Internet Information Services (IIS). Basic Authentication is often used in a UNIX environment for authenticating remote HTTP users. Basic Authentication is discussed in Request for Comments (RFC) numbers 1945, 2068, and 2069.

NOTE

Basic Authentication encodes a user’s credentials using a well-known public encoding algorithm known as uuencoding. Because the algorithm is well known, it is easy to decode uuencoded text.

TIP

Enable Basic Authentication on IIS to restrict access when you have clients that do not support Microsoft Windows NT Challenge/Response Authentication, or to support authentication through a firewall or proxy server. Note that for Basic Authentication to work on IIS, the users being authenticated must have the right to Log On Locally to the IIS server. Make sure that you use the NTFS file system to secure files on your system. To make Basic Authentication more secure, implement the Secure Sockets Layer (SSL) protocol.