Security

How Web Authentication Works

Web authentication is a communication between the browser and the server, involving a small number of HTTP headers and error messages.

The flow of communication is:

1. The Web browser makes a request (for example, an HTTP GET).
2. The Web server performs an authentication check. If this fails because authentication is required, then the server sends back an error message (usually a 401—Access Denied), along with information so that the Web browser can resubmit the request as an authenticated request.
3. The Web browser uses the server’s response to construct a new request that contains authentication information.
4. The Web server performs an authentication check. If the check is successful, the server sends the data that was initially requested back to the Web browser.

© 1997-1999 Microsoft Corporation. All rights reserved.