Home > Articles

Automating HTTP Authentication with Scripting, Part 2: Rebooting a Password-Protected Router with a Script

  • Print
  • + Share This
In part 1 of this series, Steve Schafer covered the basics of how HTTP-Auth works to communicate information between client (web browser) and server. In part 2, he shows how to write a script that automates this authentication process, to enable scripting actions with network peripherals protected by HTTP-Auth.

Digg!
Read Part 1 of this series here.
Like this article? We recommend

Like this article? We recommend

Back to the Key: The HTTP Authorization Header

Part 1 of this series covered how HTTP communication works and what information gets passed between client and server in an HTTP-Auth session. But where does the web server look for the appropriate credentials for its HTTP-Auth use? It searches an HTTP header named Authorization, which takes the following form:

Authorization: Basic <"username:password" in base64 encoding>

The header specifies that the authorization is Basic (not Digest) and includes the username and password, separated by a colon (:) and base64 encoded. For example, suppose the username is hero and the password is goat. The PHP code in Listing 1 would build an appropriate Authorization header, stored in the variable $auth_header.

Listing 1 Using PHP to build the Authorization header.

// A somewhat verbose build of a valid Authorization header
// Set the username and password
$user = "hero";
$pass = "goat";
// Encode user:password
$userpass = base64_encode($user . ":" . $pass);
// Include encoded user/pass in the rest of the header
$auth_header = "Authorization: Basic " . $userpass;

The trick then becomes including an appropriate and valid Authorization header in each request to a server that requires authentication—from the very first request to the last.

  • + Share This
  • 🔖 Save To Your Account