blob: b5b3c3d941397b49272cc44b2bfe8d8fcd5bf85e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
---
title: Authorization
slug: Web/HTTP/Headers/Authorization
tags:
- HTTP
- HTTP Header
- Reference
- Request header
- header
---
<div>{{HTTPSidebar}}</div>
<p>HTTP 請求中的 <strong><code>Authorization</code></strong> 是 user agent 用來向伺服器做身份認證(authentication)的憑證(credentials),
通常是在伺服器回應 {{HTTPStatus("401")}}
<code>Unauthorized</code> 狀態及 {{HTTPHeader("WWW-Authenticate")}} 標頭後才會在後續請求使用這個標頭。</p>
<table class="properties">
<tbody>
<tr>
<th scope="row">Header type</th>
<td>{{Glossary("Request header")}}</td>
</tr>
<tr>
<th scope="row">{{Glossary("Forbidden header name")}}</th>
<td>no</td>
</tr>
</tbody>
</table>
<h2 id="Syntax">語法</h2>
<pre class="brush: html">Authorization: <type> <credentials></pre>
<h2 id="Directives">指令</h2>
<dl>
<dt><type></dt>
<dd><a href="/en-US/docs/Web/HTTP/Authentication#authentication_schemes">認證方式</a>,通常是 <a
href="/en-US/docs/Web/HTTP/Authentication#basic_authentication_scheme">"Basic"</a>。
其他方式可以參考:
<ul>
<li><a
href="http://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml">IANA
registry of Authentication schemes</a></li>
<li><a
href="http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html">Authentification
for AWS servers (<code>AWS4-HMAC-SHA256</code>)</a></li>
</ul>
</dd>
<dt><credentials></dt>
<dd>如果使用「Basic」方式,則憑證的格式會長的像這樣:
<ul>
<li>帳號、密碼會用冒號(:)串起來
(<code>aladdin:opensesame</code>)。</li>
<li>然後在以 <a
href="/en-US/docs/Glossary/Base64">base64</a>
編碼 (<code>YWxhZGRpbjpvcGVuc2VzYW1l</code>)。</li>
</ul>
<div class="note">
<p><strong>Note</strong>: Base64 編碼不是加密也不是雜湊(Hash)!就算用明文直接傳,
安全性也跟用 base64 編碼過一樣(base64 是可以解碼的)。最好用 HTTPS 搭配這種驗證方式。</p>
</div>
</dd>
</dl>
<h2 id="Examples">範例</h2>
<pre>Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
</pre>
<p>可以看看 <a href="/en-US/docs/Web/HTTP/Authentication"> HTTP authentication</a> 中的範例
教你如何在 Apache 或 nginx 上啟用 HTTP basic authentication 來保護你的網站。</p>
<h2 id="Specifications">Specifications</h2>
<table class="standard-table">
<thead>
<tr>
<th scope="col">Specification</th>
<th scope="col">Title</th>
</tr>
</thead>
<tbody>
<tr>
<td>{{RFC("7235", "Authorization", "4.2")}}</td>
<td>HTTP/1.1: Authentication</td>
</tr>
<tr>
<td>{{RFC("7617")}}</td>
<td>The 'Basic' HTTP Authentication Scheme</td>
</tr>
</tbody>
</table>
<h2 id="See_also">See also</h2>
<ul>
<li><a href="/en-US/docs/Web/HTTP/Authentication">HTTP authentication</a></li>
<li>{{HTTPHeader("WWW-Authenticate")}}</li>
<li>{{HTTPHeader("Proxy-Authorization")}}</li>
<li>{{HTTPHeader("Proxy-Authenticate")}}</li>
<li>{{HTTPStatus("401")}}, {{HTTPStatus("403")}}, {{HTTPStatus("407")}}</li>
</ul>
|
