WEBVTT

00:00.630 --> 00:04.050
Hi and welcome back to the Knowledge Portal Video Series.

00:04.880 --> 00:10.430
So today we're going to talk about a very interesting topic called HTTP authentication.

00:11.370 --> 00:18.630
So before we go into what exactly it is, let's take a real world scenario to understand where HTTP

00:18.630 --> 00:20.220
authentication can be used.

00:21.580 --> 00:23.080
So let's take an example.

00:23.080 --> 00:26.140
So you have a website called Example.com.

00:26.900 --> 00:34.280
So this website is open to the Internet, so everyone from the Internet can access this particular website.

00:35.120 --> 00:42.530
Now, generally you do not want or sometimes you might want that certain pages within your website should

00:42.530 --> 00:45.740
only be allowed to a particular person.

00:46.280 --> 00:50.030
So say slash admin page.

00:50.780 --> 00:55.820
So slash admin page you don't want the whole internet to access it.

00:55.850 --> 01:03.560
So there has to be some kind of an authentication mechanism where if a user wants to open slash admin

01:03.560 --> 01:05.870
page, then he has to authenticate.

01:07.100 --> 01:11.510
And this is where the authentication comes into picture.

01:13.310 --> 01:16.100
So here I have a small picture.

01:16.100 --> 01:23.300
So it's something like if someone tries to open example.com slash admin.

01:25.000 --> 01:33.880
Then HTTP will ask for an authentication where the user has to enter username and password, and if

01:33.880 --> 01:37.600
both of them are correct, then the user will be able to open the page.

01:38.430 --> 01:42.630
So if we talk about authentication.

01:42.630 --> 01:44.940
So this is HTTP authentication.

01:44.940 --> 01:46.710
There are two major types of them.

01:47.250 --> 01:48.930
So one is basic.

01:51.150 --> 01:53.070
Then there is Digest.

01:54.670 --> 01:57.230
And there is a third one which is NTLM as well.

01:57.250 --> 02:04.210
So NTLM is something which is not much used, but basic and digest based authentication are something

02:04.210 --> 02:08.080
which is used frequently in many of the websites.

02:09.660 --> 02:13.950
So let me show you on how exactly it works.

02:15.710 --> 02:19.130
So let me open Internet Explorer.

02:21.190 --> 02:22.930
And let's go to example.com.

02:23.350 --> 02:26.640
And here you see, this is a knowledge portal video series.

02:26.650 --> 02:28.210
So this is a normal website.

02:28.390 --> 02:38.380
So if we want to go to some important critical pages like slash admin, then there will be a prompt

02:38.380 --> 02:39.910
for username and password.

02:39.910 --> 02:43.660
And this is what the HTTP authentication basically means.

02:44.170 --> 02:47.680
So let me put in the username followed by the password.

02:47.920 --> 02:52.180
And if I say okay, then the admin page opens up.

02:52.810 --> 02:58.090
So this is an abstract overview of the HTTP authentication.

02:58.570 --> 03:01.600
So let's see on how exactly it works internally.

03:04.280 --> 03:06.080
So let's go down.

03:06.200 --> 03:08.210
And this is what happens.

03:09.500 --> 03:14.840
So the first step, the user sends a GET request.

03:15.020 --> 03:18.820
We have already seen the HTTP request and response headers.

03:18.860 --> 03:23.780
So the very first thing that happens is the user sends a GET request to slash admin.

03:26.100 --> 03:30.930
And so this is the first thing.

03:30.930 --> 03:33.000
So once the server.

03:33.000 --> 03:33.990
So this is a server.

03:33.990 --> 03:35.220
So once the server.

03:36.500 --> 03:40.350
receives the GET request on the slash admin page.

03:40.370 --> 03:42.830
It will immediately send a 401.

03:43.460 --> 03:44.390
401.

03:44.390 --> 03:46.930
Basically means authorization is required.

03:46.940 --> 03:48.980
That means you have to authenticate.

03:48.980 --> 03:50.960
And along with the 401.

03:50.960 --> 04:00.290
It sends a WWW-Authenticate header saying what type of authentication mechanism it is using.

04:00.290 --> 04:02.480
So here you see it is saying basic.

04:02.480 --> 04:06.650
So you have already seen there are three types: basic and digest.

04:06.650 --> 04:09.800
So this is what the authentication.

04:10.600 --> 04:11.470
Type is.

04:13.290 --> 04:20.730
And along with this, whenever the user receives the second request, they will see some kind of a form

04:20.730 --> 04:22.950
with username and password credentials.

04:23.790 --> 04:34.740
Now, as soon as the user fills in the username and password and clicks on submit, the browser will send

04:34.740 --> 04:35.820
the GET request.

04:35.820 --> 04:41.640
Again, GET slash admin along with the username and password.

04:42.270 --> 04:48.600
Now here you see the username and password are basically encoded by base64.

04:50.130 --> 04:52.620
And then sent to the client.

04:53.580 --> 04:57.570
Now, remember, this is encoding and not encryption.

04:58.570 --> 05:00.660
There is a difference between these two.

05:00.700 --> 05:05.980
So before we go into all of these, let me show you the packet capture.

05:06.340 --> 05:11.200
So let me open my Wireshark and let's start the packet capture.

05:12.250 --> 05:15.640
So I go to Firefox.

05:16.850 --> 05:23.610
I'll go to example admin and here it is asking for username and password.

05:23.630 --> 05:26.930
So I've already configured it on my nginx box.

05:31.870 --> 05:31.990
See.

05:32.080 --> 05:32.620
Okay.

05:33.550 --> 05:36.060
And here you see, this is the secret admin page.

05:36.070 --> 05:39.160
So let's look into the Wireshark and see what exactly has happened.

05:44.990 --> 05:50.360
So let's go a bit up, and GET slash admin starts from here.

05:50.510 --> 05:52.760
So let me follow the TCP stream.

05:54.440 --> 05:56.000
And let's see what has happened.

05:56.930 --> 06:06.470
So the browser has requested the slash admin page, and in the response you see the server has

06:06.470 --> 06:16.430
given 401 Unauthorized, and along with that it has sent an authenticate header asking the client to authenticate.

06:16.430 --> 06:19.610
And this is when we see the username and password column.

06:20.330 --> 06:27.200
Now, along with the authenticate, it is saying that the server has implemented basic authentication.

06:28.980 --> 06:32.280
Now if we go a bit down.

06:34.700 --> 06:38.030
Then you see this is the response.

06:38.060 --> 06:40.430
Again, the GET slash admin.

06:40.520 --> 06:49.220
Now here it is saying authorization means it is providing an answer to basic authentication and this

06:49.220 --> 06:53.720
is the username and the password which is encoded in the base64.

06:55.440 --> 06:57.660
And then if we go down.

06:58.950 --> 07:02.040
Then you see, you get a 200.

07:02.040 --> 07:02.370
OK.

07:02.400 --> 07:08.790
Means the server has verified that the credentials are proper and it has given access.

07:10.090 --> 07:17.350
Now this is a base64 encoded value, so if we just copy it.

07:18.590 --> 07:22.490
In the browser just like base64 decoder.

07:22.790 --> 07:27.920
And if you paste this value in the decode format, you'll actually get the.

07:29.090 --> 07:31.850
Format back, which is admin and password.

07:31.850 --> 07:36.080
So the username was admin and the password was password.

07:37.980 --> 07:43.230
So if we talk about the Base64, all it does is it does the encoding.

07:43.230 --> 07:43.890
So.

07:45.240 --> 07:53.130
You can actually retrieve your plaintext data from the Base64 encoded value.

07:54.180 --> 07:56.340
So in this type of scenarios.

07:56.340 --> 08:02.340
So let's say this is a client, this is a client and this is a server.

08:03.330 --> 08:10.050
Now, the client has sent a password to the server encoded with Base64.

08:10.980 --> 08:14.700
Now, in this type of scenarios, if there is a hacker who is listening.

08:15.590 --> 08:16.370
Over the network.

08:16.370 --> 08:18.410
So this is a hacker bad guy.

08:18.740 --> 08:27.620
And if he manages to capture this traffic, then even the hacker has the Base64 encoded format.

08:27.740 --> 08:38.060
All he has to do is he has to decode the Base64 value and say Base64 value, and then he'll get the

08:38.060 --> 08:41.150
original username and password back.

08:44.140 --> 08:44.920
So.

08:45.730 --> 08:50.650
This is one of the reasons why basic authentication by itself is not preferred.

08:51.220 --> 08:57.850
Now, there are a lot of sites which still implement basic authentication, but if you want to implement

08:57.850 --> 09:01.690
basic authentication, then you can use it on top of SSL.

09:02.830 --> 09:09.310
So if you use it on top of SSL, then this whole data is encrypted.

09:09.700 --> 09:16.030
So even if the hacker tries to get the data, it will be in a jumbled up format.

09:16.060 --> 09:18.700
So the hacker won't be able to decode it.

09:18.970 --> 09:26.470
So this is one of the reasons why HTTP basic authentication is ideally used along with SSL.

09:27.100 --> 09:34.420
If it is not used, then it is very easy for a hacker who is monitoring the traffic to

09:34.450 --> 09:35.950
hack into the server.

09:36.930 --> 09:43.860
So this is it about the Base64 and the basic HTTP authentication.

09:44.280 --> 09:48.660
I hope this has been useful for you and I'd like to thank you for viewing.
