What is the use of "realm" in HTTP basic/digest authentication at the client side?

Experts, I am not sure if this has been explained earlier, but what is the role of "realm" from the client's perspective, especially for digest authentication?

E.g. the server has the following information: realm: myrealm, username: username1, password: somePassword. Authentication schema: Basic.

Now when the client makes a call with the header "Authorization: Basic base64encoded_username:password", the request is successful.

How should the client make use of "realm" in the HTTP headers so that, in case the server has multiple realms, the server validates the user ONLY against that realm?

The same doubt applies to Digest authentication. Do we really need to include the realm in the HTTP header we prepare for Authorization: Digest?

I do not want to use HttpClient here.

After reading further, I figured out that the client need not pass the realm in the request. When the client sends a request to the server, the server challenges the client with a response header, e.g. WWW-Authenticate: Basic realm="WallyWorld". This information is also used by browsers, e.g. they pop up a dialog with the message "server says WallyWorld", which is the realm name. The client has to supply the userid/password for that realm.
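
The challenge/response flow described in the post, as an added example that is not part of the original post: it parses the WWW-Authenticate challenge for the realm, then builds a Basic header (which carries no realm) and an RFC 2617 Digest header, where the realm from the challenge is hashed into the response and echoed back. The function names, the URI, the nonce and the cnonce are assumptions made for illustration.

```python
import base64
import hashlib
import re

def parse_challenge(header):
    """Split a WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = header.partition(" ")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', rest)
    return scheme, {key: quoted or token for key, quoted, token in pairs}

def basic_header(user, password):
    """Basic: the realm tells the client which credentials to use,
    but the Authorization value carries only base64(user:password)."""
    raw = f"{user}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def _md5(text):
    # MD5 is the algorithm RFC 2617 Digest defines; RFC 7616 adds SHA-256.
    return hashlib.md5(text.encode()).hexdigest()

def digest_header(user, password, method, uri, params, cnonce, nc="00000001"):
    """Digest: the challenge's realm is hashed into HA1 and echoed back."""
    realm, nonce = params["realm"], params["nonce"]
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    fields = [f'username="{user}"', f'realm="{realm}"',
              f'nonce="{nonce}"', f'uri="{uri}"']
    offered = [q.strip() for q in params.get("qop", "").split(",")]
    if "auth" in offered:
        response = _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
        fields += ["qop=auth", f"nc={nc}", f'cnonce="{cnonce}"']
    else:  # legacy form without qop
        response = _md5(f"{ha1}:{nonce}:{ha2}")
    fields.append(f'response="{response}"')
    if "opaque" in params:  # returned to the server unchanged
        fields.append(f'opaque="{params["opaque"]}"')
    return "Digest " + ", ".join(fields)

if __name__ == "__main__":
    # Constructed challenges; realm and credentials are the post's sample values.
    scheme, params = parse_challenge('Basic realm="WallyWorld"')
    print(scheme, params["realm"], "->", basic_header("username1", "somePassword"))
    _, params = parse_challenge('Digest realm="myrealm", qop="auth", nonce="abc123"')
    print(digest_header("username1", "somePassword", "GET", "/", params, "c0ffee"))
```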
