Before an action can be performed, the user requesting the action must be identified and authenticated. This is accomplished with a username and password combination supplied in the request. This can be supplied in a number of different ways.
- As HTTP GET variables named ‘username’ and ‘password’.
- HTTP POST variables named ‘username’ and ‘password’.
- Cookies named ‘username’ and ‘password’ supplied as part of an HTTP GET or POST request.
There is no significant difference between these different methods. Convenience and the particulars of the client application should dictate the exact method used.
If the authentication fails, an HTTP 401 Unauthorized error response will be sent. The server may also issue HTTP 403 Permission denied messages in the case of IP address restriction.