Difference between revisions of "Authentication"

From services.krediidiinfo.ee
Jump to: navigation, search
(Created page with "In Krediidiinfo web services authentication takes place in two ways, which are described below: * Basic Authentication The server responds to the request with the 401 "Authe...")
 
 
Line 1: Line 1:
In Krediidiinfo web services authentication takes place in two ways, which are described below:
 
  
 
* Basic Authentication
 
* Basic Authentication
  
 
The server responds to the request with the 401 "Authentication Required" header code, to notify the user that authentication is required. The client application must answer with the user name and password. If the user name and password are correct, and the user has the permission to make the request, the corresponding web service answer will be returned. More information on this protocol is available at [http://en.wikipedia.org/wiki/Basic_access_authentication http://en.wikipedia.org/wiki/Basic_access_authentication]. For the developers, we have provided an example of [[Basic Authentication näide|HTTP header]].
 
The server responds to the request with the 401 "Authentication Required" header code, to notify the user that authentication is required. The client application must answer with the user name and password. If the user name and password are correct, and the user has the permission to make the request, the corresponding web service answer will be returned. More information on this protocol is available at [http://en.wikipedia.org/wiki/Basic_access_authentication http://en.wikipedia.org/wiki/Basic_access_authentication]. For the developers, we have provided an example of [[Basic Authentication näide|HTTP header]].
 
 
 
* Certificate
 
 
For certificate-based authentication, Krediidiinfo issues a certificate (crt) for the client. The client may create a certificate signing request (csr). After receiving a request, the server asks the client for a valid certificate. More information about this protocol is available at  http://www.modssl.org/docs/2.8/ssl_intro.html
 
  
  

Latest revision as of 13:41, 28 February 2013

  • Basic Authentication

The server responds to the request with the 401 "Authentication Required" header code, to notify the user that authentication is required. The client application must answer with the user name and password. If the user name and password are correct, and the user has the permission to make the request, the corresponding web service answer will be returned. More information on this protocol is available at http://en.wikipedia.org/wiki/Basic_access_authentication. For the developers, we have provided an example of HTTP header.


Browser-based authentication

If the report is requested in a browser window, the user is first asked for the authentication certificate. If no certificate is provided, the next step is to ask the user for a user name and password according to the Basic Authentication method.