Many people are complaining about HTTP4e don’t supporting Authentication. Yet, a bit of knowledge about Basic Authentication would help them realize that performing authenticated request  is nothing more than passing an additional “authentication” header.

Opening Wikipedia at http://en.wikipedia.org/wiki/Basic_access_authentication
the following sequence of packet negotiation is being passed across the wire:

Request One:

GET /private/index.html HTTP/1.0
Host: localhost
HTTP/1.0 401 Authorization Required
Server: HTTPd/1.0
Date: Sat, 27 Nov 2004 10:18:15 GMT
WWW-Authenticate: Basic realm="Secure Area"
Content-Type: text/html
Content-Length: 311

blah blah ...

Request Two:

GET /private/index.html HTTP/1.0
Host: localhost
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
HTTP/1.0 200 OK
Server: HTTPd/1.0
Date: Sat, 27 Nov 2004 10:19:07 GMT
Content-Type: text/html
Content-Length: 10476

What does this tell us? Request one is trying to retrieve a resource on server localhost. Receiving a response back with 401 Authorization Required, the client makes second attempt (Request Two) passing this time some magic header and the server seems to like it by giving back 200 OK.  The magic header is “Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==”. The formula of the encoded string is nothing else, but Basic64 encoded text, so any online Base64 tool will decode the text to its human readable “username:password” value.

Back to the original post. How does this relate to HTTP4e? Well the tool doesn’t have the GUI utility to plug this header to the request sending. Yet, this doesn’t mean it doesn’t support Base Authentication. All you need to do is pass that magic header into your requests. So if you construct an HTTP call against server www.abc.com protected by Base authentication with username:password, pass this additional header to to that call.

Authorization: Basic <the Base64 encoded string "username:password">

Thanks for reading this far.