Basic (Base64) Authentication
Base64 Authentication Policy is used to authenticate clients with username and password only. The difference from the Plain-Text Authentication Policy is the way the username and password are sent.
For the use of this policy, the username and password information must be combined with a colon (:) character and encrypted with the Base64 algorithm. Generally, it is used in the message header with the "Authorization" key and the phrase "Basic" before it, but it can be sent in other parts of the message, although it is rare. Apinizer can offer solutions for all possibilities with the concept of variables.
For example, in a typical scenario, where username is user.9978, and password is TWvb!28@, then Base64("username":"password") would be: dXNlci45OTc4OlRXdmIhMjhA. Then, Basic is added to the beginning of this statement and it is sent as follows in the Authorization header: "Basic dXNlci45OTc4OlRXdmIhMjhA"
The locations of username and password within the message is given by the variables. Received values are authenticated via the relevant identity provider which is selected during the policy configuration.
If the result of authentication is successful, the message flow is allowed to continue. Otherwise, the flow is interrupted and a response message containing an error message about the problem is returned to the client.
The picture below shows the policy settings:
The Base64 Authentication Policy fields are shown in the table below.
Field | Description |
---|---|
Description | An optional description of the policy that may be useful for usage and management activities. |
Identity/Role/Group Service | The Identity Provider Service to authenticate the users. Please visit the Identity Providers page for more information. |
Variable for Authorization | It is the variable used to specify the location of the Base64 encrypted form of the "username" and "password" pair within the message. |
Appears if "Security Manager" is selected as the identity provider service. If this option is enabled and the IP information was specified while defining the user, it is also checked whether the request comes from the IP(s) given for this user. | |
Clear Authentication Information | It ensures that all existing authentication information, if any, is deleted in the message content. In this case, if there is an Authorization Information in the request from the client, this information is deleted and not sent to the Backend API. |
Add Client Info to Header | If this option is checked, username of the authenticated user will be sent to the Backend API in a header when the authentication is successful. The default name of this header is X-Authenticated-UserId. |
Authenticated User Header Name | If the Add Client Info to Header option is checked, the value of this field is used as the name of the header to put the authenticated username. |
Authorization Configuration | This option is activated to configure the access control according to the roles of the users. Please visit the Authorization page for more information. |
You can visit the Policies page for the details of the Conditions and Error Message Customization panels.